MBA STUDENTS PLEASE DO NO MORE EDITING OR ADDING TO THIS PAGE. PLEASE GO TO "THE NEW HOME PAGE" INSTEAD
It is estimated that medical errors may cause 44,000 to 98,000 deaths per year (or the equivalent of two 737 jets crashing daily). Medication errors can be reduced, if not eliminated, by the use of EMR’s[1] . Yet, physicians and hospitals alike have been slow to adopt EMR’s due to several reasons. These include, but not limited to, technology that is not user friendly, cost of installing and training, difficulty in usage and non-communication between different systems making the information still difficult to obtain.[2]
The Baby Boom Medicare "explosion" is quickly approaching, certain to further strain healthcare resources, and an economic recession has focused political and business leaders on cost-containment measures, including healthcare expenditures. Accordingly, these forces are poised to redirect the typical incrementalism of health policy formation to more radical reformations.
This analysis was undertaken to evaluate the universal adoption of an electronic health record. Specifically, the existing electronic health information technology‘s
benefits and drawbacks along with its use in data mining to improve patient care are examined in the context of its adequacy for a national electronic health record (EHR) initiative. However, the prospects of a national electronic health record have not been uniformly received with enthusiasm. Perspectives of electronic health information systems have ranged from a bothersome burden to a healthcare panacea. While many the in the insurance industry and academia have lauded its potential value, healthcare providers including physicians and hospitals have remained suspect of its cost-benefit ratio. These barriers to the implementation of an electronic health records are further considered below, along with the potential advantages and disadvantages its global adoption. Finally, the financing of such a project, either through the private sector or government sponsorship, is evaluated.
Defining an Electronic Health Record
The terms EMR (electronic medical record), EHR (Electronic Health Record) and PHR (Personal Health Record) are often used interchangeably by the media and health professionals. However, there are important distinctions to be made beyond mere semantics. EMR‘s are electronic databases of patient information containing many variables including demographic, medical and financial data. These systems are frequently linked to enterprise systems to coordinate billing and scheduling, in addition to non-patient care tasks such as marketing. This is in distinction to a PHR that contains individual patient information. These data can be in any form. EMR‘s and PHR‘s can be merged, edited and retrieved in an electronic format and more broadly considered as an EHR.
The electronic health record (EHR) is traditionally a provider-controlled document. Managed care organizations and other payers can access EHR information to create standards for pay for performance programs for physicians and hospitals. Optimally, EHR data could be utilized in aggregate to develop improved standards of care, perform large epidemiological studies, and facilitate identification of patients exposed to a drug or device that has been recalled. Clinically, care provider to care provider transfer of information should be enhanced by an EHR. Improvements in documentation may optimize patient care, which arguably may reduce costs, improve collections. The extent of realization of these gains is not known.
As mentioned, above, the EHR may be comprised of individual PHR‘s. Traditionally, the personal health record (PHR) is patient-driven documentation. These systems are typically very user friendly, and are an important way for information to be passed between patients and providers. Many of the currently available PHRs offer additional benefits such as links to health newsletters and health encyclopedias. Most of the PHRs that were reviewed offer two to three levels of security and can include other personal information such as next of kin, insurance information, living wills, and emergency contacts. The PHRs are secure with username and password; there are restrictions regarding who can enter data, with this data being encrypted. These PHRs are made portable by using USB memory devices; some are accessed in a read-only manner for emergency services personnel. A few of the PHRs offered are free, but many are available at a very low cost. Well established internet companies such as Google and Microsoft are offering free online PHRs. As with the other PHRs, it is patient controlled data and access is controlled and the information is securely stored.
Disadvantages to the various PHRs stem from the design of the PHRs themselves. Since the information is entered and edited by the patient, there may be inaccuracies in health assessment. A patient could omit entire sections of his health record, even if it is vitally important to his overall care. The elderly population, who may not be as computer literate, may not utilize a PHR at all. Another important limitation is the security of the information.
To facilitate portability, many PHRs offer ID cards for healthcare providers to obtain access to the patient‘s data. For example, the site http://www.medsfile.com allows printout of the record with no personal identifiers, which adds to security and assists emergency personnel. However, a lost card can potentially give anyone access to the information. Also, end user failure to guard the information safely would allow unauthorized access to patient documentation, and could lead to identity theft. The numerous cases of laptops being lost containing critical personal information underscore this point. In consideration of portability, compatibility must be considered. If different databases do not afford for electronic interchange of data ,the benefits of a phr are lost.
A universal patient health records system implies a single medical document accessible by all of the patient's authorized healthcare providers. Secondly, a patient health record system (whether universal or not) specifically incorporates the input of patients in addition to the input of healthcare providers. One of the major criticisms of the existing healthcare system is that information exists in ―silos‖. The analogy aptly describes the situation where each patient‘s healthcare providers utilize an independent and separate health record. Within a single institution or healthcare provider group, multiple healthcare providers may be able to access the same record. When healthcare extends beyond these boundaries however, multiple duplicated health care records are created, resulting in the existence at any one time of multiple variably incomplete and semi-duplicated patient documents. The result is that healthcare, like the documentation which records it, ends up being fragmented and incomplete.
The increasing use of electronic documentation requires electronic storage. Onsite servers with backup redundancy are one answer while large terabyte repositories (with backup offsite storage) are another. There remains the possibility of server failure interrupting access to the EHR. Upgrading or changing software can leave an EHR unavailable unless an expensive data conversion is done. Many EHR programs are very expensive for small private practice offices. The cost impediment will slow acceptance of the project. Government financial support is being considered to advance the institution of office EHRs.
When considering these factors together it becomes apparent that a universal EHR and/or universally compatible EHR project should be considered. An important consideration regarding this undertaking is that stakeholders - individuals, clinical practice groups, agencies and political parties – may have non-congruent goals as they consider what technology, infrastructure, support is needed to achieve implementation of such an EHR.
What might an EHR do?
The ultimate potential of a universal EHR is not known. Advocates contend it has the capacity to improve patient care, research and public policy formation. However, the cost-benefit ratio and privacy concerns have yet be resolved. Though specific goals are innumerable, the generable objectives of healthcare information systems would be to:
improve quality
reduce cost.
In the short term quality improvement, monitoring and maintenance may add to costs. However, it is the response to these quality control outcomes that should decrease costs. Opponents contend that there is no definitive concrete evidence that EHR‘s improve healthcare, safety or decrease costs. They point to high EMR failure rates, implementation costs and low satisfactions rates. It is important to note that these, in general, have been experiences of enterprise EMR systems, not EHRs. Also, these experiences did not include data integration and intersystem sharing. Without this, the true safety and cost saving measures of an EHR are indeterminable. Additionally, both advocates and opponents agree that privacy must be an essential component to any system, and these details have not been agreed upon.
In order to be effective, an EHR must have data retrieval and manipulation characteristics over mere archival capabilities. Fortunately, the capabilities of existing EHRs‘ data mining (the process of locating and extracting information from a database; this data can be utilized in many different ways) functionality are established. The extent to which this data can or should be utilized is, however, still debated because the quality of research and public policy decisions will be proportional to the data and the manner in which they are stored. If erroneous data are input, suspect conclusions may be accepted as fact. In a universal system, this could have far reaching consequences in an environment with little checks and balances.
In the case of an electronic health record (EHR), these data typically pertain to protected health information, which is the focus of HIPAA regulations. When adequate safeguards are employed to protect the confidentiality of this information, it can provide researchers, policy makers and educators with extremely useful data. This information, or even access to the database, can also be misused with potentially serious adverse outcomes.
Like performing a search of the internet, choosing the correct terms or measures to perform data mining are critically important. In an EHR, there are hundreds of measures that are available to include in a search. Demographic data, such as age, gender, location, health insurance, or assigned provider can generate a useful denominator. The data can be searched by diagnosis, a specific medication or laboratory result, or other similar outcomes. Time is also a variable that can be included in the data search. Including time allows the interested party to identify and track trends in the data.
There are innumerable trends that data mining yields. Simple measures, such as weight or blood pressure, can help identify populations at risk for other comorbid conditions. More complex studies can track the onset of a diagnosis, the subsequent treatments, as well as the degree of their success in controlling the condition. The prescribing patterns of healthcare providers, particularly when it comes to trends in utilization of generic vs. branded medications, could prove useful in analyzing the escalating costs of healthcare. Public health and consumer safety is also served by data mining. A medication recall, as discussed above, is easily facilitated by having an EHR and using common data mining techniques to identify any patient that has had that drug prescribed. A target population for a specific intervention, such as an immunization, is also readily obtainable from an EHR.
The potential of abuse in data mining is a real and significant threat to the integrity of such a program. If personal health information becomes accessible to the wrong person, confidential information might fall into the wrong hands. Like any statistical measure, an incorrect assessment might lead to a faulty conclusion and hence a misappropriation of efforts, funding, or educational intent. In this case, it is not the technology or design of the data mining system that is in question, but the integrity of the person(s) involved in the process that could generate the error. Compliance and integrity are paramount characteristics to consider in this type of program.
Key Capabilities of the EHR
The key capabilities of the Electronic Health Record System per the Institute of Medicine of the National Academies (and examples) include:
Health information and data (easy access to old records and history),
Results management (searching and graphing results),
Order management (ordering electronically),
Decision support (treatment algorithms),
Electronic communication and connectivity (anyone within the network e.g. other hospitals or clinics can access all the patients records/tests regardless of location where they were seen/performed),
Patient support (maintaining vaccinations, tracking risk factors),
Administrative processes and reporting (quality assurance, tracking workflows),
Reporting and population health (determining morbidity and mortality within the hospital/units/clinics and comparing to local and national benchmarks). jph
Advantages and Disadvantages of EHR
Major Advantages include:
Single, sharable, up to date, accurate, rapidly retrievable source of information, potentially available anywhere at anytime
Reducing medical errors
Detect and reduce possibly harmful drug interactions and allergic reactions
Warning of abnormal laboratory results
Reducing redundancy of information
Potential for automating, structuring, and streamlining clinical workflow
Integrated support for various activities including decision support, monitoring, electronic prescribing, electronic referrals, radiology, laboratory ordering and results display – especially beneficial in managing chronic diseases
Maintaining a date and information trail that can be readily analyzed for medical audit, research and quality assurance, epidemiological monitoring, disease surveillance, billing, health trends
Support for continuing medical education
Reducing space and administration for medical records
Automatic ordering of supplies and budget generation. jph
Major disadvantages include:
Erosion of doctor-patient interaction (verbal and non-verbal communication) due to physicians staring at computer screen or tablet most/the whole time while talking to the patient, especially non-verbal cues which are very important.
Unauthorized accessing of patients records by instutiton members may result in HIPAA violations for the institution
Hackers breaking into the system : stealing personal information, altering medical history, disrupting operations
Computer systems are subject to power surges/outages which may suspend or eliminate access to records
Computer viruses may attack and destroy electronic health records if insufficient firewalls and/or backup copies in place
Not all providers (especially older computer illiterate) are able to work with EHR due to lack of computer skills or education
Lack of standardized EHR makes learning, communicating, and integrating health records challenging
Need to convert / enter / digitize paper records of patients seen prior to implementation of EHR's
Need for many more Information Technology personal to initiate and support the EHR System
Need for expensive hardware (computer systems) and software (medical records) as an infrastructure to the EHR.jph
Thoughtless use of template based systems tend to generate an overabundance of meaningless documentation that may not reflect the patient encounter. http://www.medscape.com/viewarticle/714812jfg
How will a project of this magnitude be funded?
The potential value of EHR to the healthcare industry at large as well as individual‘s health care is significant only if it becomes widely adopted by both individuals and healthcare providers. Additionally, the platforms must be secure and rapidly accessible and interoperable across different locations globally. Developing and implementing this technology on a widespread basis will take significant information technology expertise, innovation, and will have substantial costs. This leads to the question: How should the development and management of EHR be funded? Should the government subsidize this endeavor with taxpayer dollars? Should EHR be a for-profit endeavor? The private sector presently funds the majority of EHR initiatives, but federal funding/incentives have been provided. For example, Kaiser has spent billions of dollars to develop and implement its EMR. The federal government has encouraged electronic transitioning among practitioners and hospitals. Federal electronic health prromotions include bonuses for e-prescribing and filing under the auspices of pay for performance. However, the actual total amount of federal funding is unknown but it is certainly confined by existing budget deficits and competing priorities. President Obama‘s pledge to spend $10 billion per year to create and implement a universal EHR may fall short and others sources of funding are likely to be required. Additionally, government administered programs may carry the stigma of lack of efficiency and innovation, and not being as responsive to the user as those developed by the private sector.
Despite the potential value to stakeholders, it is likely that additional personal and business taxes to fund this project would be met with substantial opposition. Also, the use of taxpayer dollars may not be the most efficient way to rapidly establish a widely accepted EHR system that transforms the way healthcare is practiced. As long as healthcare is part of a market driven economy, market based (as opposed to tax-based) solutions are most likely. The entrepreneurial spirit present in the private sector should be leveraged to quickly innovate, develop, and institute a safe, secure, user-friendly EHR platform that can be accessed by individuals and institutions globally. These will include the networks of public, private and not-for-profit companies combining resources and expertise to gain large market shares. Competitions for prize money for developing or grants to develop the best EHR platform with regard to security (meeting government established guidelines), user friendliness, reliability, and ability to integrate with existing EMR systems may be one way to encourage innovation from IT experts.
What is the ideal EHR?
The ideal EHR would meet the needs of all stakeholders. In the case of EHR‘s the sheer number of stakeholders makes the development of a universally accepted system difficult. A federal solution is unlikely in the present market base healthcare system. Market forces will likely select the "best" EHR‘s in terms of utilization, but the developers‘ interests may be divergent from other stakeholders.
There are several secure, affordable, compatible,and user-friendly EHRs,although transferability and universal acceptance is years away.Accessibility for the patient as well as the care provider has to be as easy as the Capzule. Physicians can connect to their office records through their iphones and respond to patient problems much earlier.Sharad However, its "season" has come, despite not knowing what the final fruits of the season will be. Hopefully, a market solution will be created before a multibillion dollar EHR tax-payer funded bailout is mandated.
Design and Interface of the EHR
Should our goal be to have one national EHR system, or is it reasonable to have many systems so long as they are compatible and communicate freely with each other? I think only time will tell, however in the United States, the approach for now is multiple platforms and systems. What is important is to have the providers and key physician involved in the design and implementation of the EHR that will work best for them.
There appear to be two main structural elements to medical records: core components and then specialist sub-components.
Different user interfaces that can be used for the EHR (and their advantages) include:
Local Windows forms such as MS Access or Java forms on thin or thick client (flexible and wide range of functions);
Web pages on thin or thick client (flexible but limited functions);
Personal digital assistants or Pocket PC devices (portable and low cost)
Phone (widely available but limited data entry);
Scanned paper forms with optical character recognition (cheap but need checked and don’t handle free text well); and
Email (good to send warning or reminders, upload limited data, especially if user has no access to EHR) jph
Implementing EHR; Buy or SaaS?
Two ways to implement EHR exist, in general. One way is to buy the software from an EHR vender, and locally install the system onto your office workstation. In addition to having hardware (computers, printers, networking routers, scanners), you will need to buy EHR software and an in-house server for storing your patient’s medical records. Once installed onto your computer hardware, you are responsible for networking, IT and maintenance. Most of the time, the organization will need full time or part time IT team support to look after your system. This often involves substantial capital investment upon EHR implementation, and might work for medium to large size practices or hospitals. However, it will be difficult for a small practice or solo practice who might have limited revenue to keep up with the maintenance costs.
The other way to implement EHR, without much up-front cost, is to go with a Software as a Service (SaaS) provider. SaaS is a type of software deployment where a provider licenses an application (in this case the EHR application) to customers for use as a service on demand. In short, a customer leases the EHR application (web-based EHR) through a SaaS provider. This can be done by hosting the application on a SaaS provider’s web server or upload the application to the customer’s device. We often hear of resellers of an EHR vendor, and usually they are referred to as a SaaS provider. The benefit of this is to reduce or eliminate up-front capital investment, focus on budgets rather than infrastructure, gain immediate access to the innovative technology without buying, increased accessibility remotely and locally, and finally pay as you go (predictable costs). You still need to have basic hardware, however you do not have to worry about software malfunction or database server storage trouble-shooting onsite. You can see the advantages and disadvantages at http://www.ctsguides.com/software-as-service-saas-meet-emr-needs.asp oba
Data input into EHR; Typing, Template, or Voice commend?
Three ways exist to input your daily progress notes into an EHR system. One is to type your notes directly into the EHR database. If you are comfortable with typing fast, this option might work for you. A typing input prototype EHR system is VistA/CPRS from The Department of Veteran’s Affairs Medical Centers. The second way to input your daily data into an EHR system is a template based system. The template offers click and choose methods, reducing much of the typing requirement. Most of the EHR systems available from the industry offer template settings in their EHR systems. Now a new type of EHR software with voice command makes text typing not necessary for input of daily progress notes. This might work for a practitioner who is resistant to EHR systems due to typing issues. For example, the Precision Voice driven ChartLogic system provides EHR software to achieve highly accurate voice recognition. One of the newer EHR systems, Medisoft Clinical, offers a choice of data entry methods including templates with click and choose, speech recognition, transcription, digital pen and dictation. oba
HITECH Act
The Heath Information Technology for Economic and Clinical Health Act (HITECH) is part of the American Recovery and Reinvestment Act signed by President Obama on February 17, 2009. The purpose of the act is summarized in this quote from the President "To improve the quality of our health care while lowering its costs, we will make the immediate investments necessary to ensure that, within five years, all of America's medical records are computerized. This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests…But it just won't save billions of dollars and thousands of jobs; it will save lives by reducing the deadly but preventable medical errors that pervade our health-care system."[3]
To accomplish this goal, HITECH allocates $19.2 billion to accelerating the adoption of electronic health records (EHR), the majority of which (more than $17 billion) is in incentives to health care facilities and providers to encourage the adoption of EHR. In 2009, the Congressional Budget Office estimated 90% of physicians would adopt EHR by 2019 and the acceleration resulting from HITECH would save more than $60 billion in that time.[4]
An additional $2 billion is allocated to the development and support of health information technology (HIT) education. This includes grants to institutions of higher education to expand medical infomatics education and integrate this with the education of healthcare professionals. HITECH specifies $598 million for the creation of the Health Information Technology Extension Program wherein nonprofit organizations receive government grant money to establish and operate 70 Health Information Technology Regional Extension Centers, which will provide hospitals and clinicians with hands-on technical assistance in the selection, acquisition, implementation, and meaningful use of certified electronic health record systems. [5]
The act includes new security precautions “strengthening Federal privacy and security law to protect identifiable health information from misuse as the health care sector increases use of Health IT”.[6]The data mining for profit industry is forbidden from selling health information without the individual’s permission. Porviders must attain authorization from the patient before utilizing health information for marketing. Patients are entitled to an audit trail showing all releases of their information, and notification of any unauthorized disclosure.
HITECH includes a process for developing standards for the exchange of information and a voluntary certification process for HIT products.
The implementation of HITECH is the responsibility of the Office of the National Coordinator for Health Information Technology (ONCHIT) created in 2004. jfl
Safeguarding EMR Security and Privacy
The safeguarding of our EMR database is perhaps a bigger problem than one might imagine. As mentioned earlier, hackers will have a hayday with this information. The conflicts of interest between patients, providers and payers will most certainly open up the doors for finding ways to beat the system. The need to explore the avenues available to hackers should be clearly studied by IT system engineers. Only then can these doors be locked. The problem with tight security is that it limits the functionality of the format. All of the issues that affect funtionality must be in place. Obviously, one of the most interesting findings as you read the mass of information already available, is that primarily payers are the ones setting up the PHRs to date. There are a few private for profit groups, however, the payers do have conflicts of interest where obtaining access to the EMR is concerned. For example, in the locale where I have practiced for 20 years, a radiologist starts every chest x-ray report by stating "COPD", even on children's chest films. Once discovered by the payer, that erroneous finding will create insurance problems for the insured. The payer has a vested interest in collecting premiums, while denying benefits. Any format that gives the payers access to priviledged information, or information that may be subtly altered can affect the insured's insurability. Additional problems include the myriad of hardware and software that is easily available to gain illegal entry into the EMR. For example, the "KEYLOGGER" is a small flash drive type of device that can be easily plugged into the USB end of any keyboard. The hacker, whether office employee, janitor, or other person, can retrieve every keystroke made on that computer easily. All passwords and confidential data will be stored. The hacker can gain entry into any computer and access any file with the illegally gotten passwords. There are remote access software disks that can be installed to further complicate this problem. There is no point to pretend that this is not going to happen, because it already is happening. Included here are several links that provide information on the expected security and privacy issues that we normally think about related to the EMR. I will first include these in the form of an annotated bibliography, then will finish with including some of the sites where the hackers find information. This is a very real and threatening problem. Fact Sheet 8a - HIPAA Basics - Medical Privacy in the Electronic Age This site is an all inclusive collection of the reasons why privacy and security is important in the age of EMR. It is filled with information and links to much of the important work that has been accumulated on this subject, not limited to, but including: HIPAA Privacy Rule: Benefits and Shortcomings? - Who Is Covered by HIPAA? Who Is Not Covered, Medical Information: What Does HIPAA Cover? - What Is "Protected Health Information?" What Is "Minimum Necessary?" - Control of Your Medical Information: " Consent" and "Authorization" - More About Your Right to Access Your Medical Records - Your Health Records and Your Employer - Your Health Records and the Government - Your Health Information and Your Credit Report - HIPAA and Your Daily Routine - Complaints and Penalties for Violations - The HIPAA Security Rule - Electronic Health Records (EHRs) - The 2009 Stimulus Law, Electronic Health Records, and Privacy - Health Information Privacy in California - Tips for Safeguarding Your Medical Information - References and Resources. Privacy Rights Clearing House. bal 1. http://www.privacyrights.org/fs/fs8a-hipaa.htm Security:the case study commentary begins by stating the central ethical dilemma: "whether physicians are required ethically and/or legally to record information that could, due to an increasingly accessible medical record, harm the well-being of patients. Inability to guarantee the confidentiality of sensitive and potentially harmful information strikes at the core requirement of the doctor-patient relationship: trust. Without trust, patients do not feel that they can disclose intimate and potentially embarrassing and/or damaging details of their lives that physicians need to diagnose and treat effectively." **Ethics Case Study**. A general internist working for a large managed care organization is asked by one of her favorite patients not to document in his electronic medical record (EMR) her prescribed treatment for an acute grief reaction to his secret male companion's death. "'Doctor, I can't believe you are so naive,' he says. 'I'm in Army intelligence. I can promise you there are 10 ways I could breach the confidentiality of the medical record system right now if I wanted.'" Confidentiality is not absolute from a legal perspective, and records used for other functions bypass the physician's protection. Beyond the basic dilemma, the advent of electronic charting and prescription distribution has resulted in breaches of patient confidentiality in ways that would have been unthinkable 20 years ago. We are reminded that "already, the sale of data from these sources to insurers, private companies, government agencies, and financial institutions has become widespread, much in the same way as credit information is exchanged." For example, businesses openly advertise background check services, where for a name, address, date of birth, social security number, and an undisclosed fee clients can purchase, among other things, the clinic name and date of that person's clinic visits for the past 10 years.The recent National Research Council report concluded that "the primary threats to the confidentiality of patient information originate from the lack of controls over the legal (and generally legitimate) demands for data made by organizations not directly involved in the provision of care," such as health services researchers, public health agencies, managed care organizations, insurers, and self-insured employers. Is the perceived erosion in medical record security so real that physicians should consider adjusting their records' contents? Should theoretical security risks enter at all into how physicians chart and maintain patient records? bal1
2. http://www.medicalcomputing.org/archives/0nvemrsec.php – EMR and HIPPA - November 11, 2009
I was on our user’s forum reading about a security flaw in our EMR. There were some discussions about the ability to circumnavigate prescription privileges and have your staff write themselves narcotics…. I had our IT guy spend some time in the system. He was able to determine that one of our staff members had in fact been printing out an old script that had been written in the past and manually faxing it to pharmacies around town. The problem with the software is that it lets you print out a script from a locked note, and it prints out with the present date so it can be filled! bal2 3. http://www.emrandhipaa.com/category/emr-security/ -Home > EMR > Posted on June 22, 2009 by Colin J. Zick
In what it describes as an effort "[t]o protect the privacy and security of patients," the American Medical Association (AMA) last week adopted a lengthy report and related principles for physicians to follow in the event a patient's electronic medical record were to be breached. bal3
4. http://www.securityprivacyandthelaw.com/tags/emr/ New Study: Patient Privacy Rules Hamper Adoption of Electronic Medical Records: Home > Healthcare Industry Spotlight > New Study: Patient Privacy Rules Hamper Adoption of Electronic Medical Recordsbal4 Posted on April 29, 2009 byJeff Bone: 5. http://www.securityprivacyandthelaw.com/2009/04/articles/medical-information/new-study-patient-privacy-rules-hamper-adoption-of-electronic-medical-recordsPrivacy and Security Issues: By Trisha Torrey, About.com Guide - Updated February 19, 2009
When it comes to electronic health and medical records (EMRs), the digital technology has a few limitations. From the mechanical ability and methods for storage and transmission, to the ways they can be accessed, new and more advanced systems are becoming available every day.
However, definite limitations and issues arise from the implementation and use of EMRs and PHRs (personal health records). You may have already reviewed the hurdles created by the local nature of EMRs and their lack of standardization. Additional problems exist with security and privacy of these records. Security Questions for EMRs - Security is potentially a major problem. There may be no system in the world that is entirely uncrackable, including EMRs or PHRs. Think back during the past few years to the losses of credit card records at large retails chains, or the 2006 Veterans' Administration loss of its patients' records. Despite tight security on these systems, data was lost or accessed by others who should not have access…When it comes to EMRs, patients have little say in their participation; therefore, even if they have concerns about their records being a part of an EMR, there is almost nothing they can do about it…With PHRs, however, patients have much more ability to control content and access. Because these records are developed by a patient for himself, the patient also determines who has access, and how that access is made. Privacy Questions and HIPAA - Privacy is a similar concern. HIPAA, the Health Information Portability Accountability Act, federal law, determines how health information may be shared electronically. bal5 6. **http://patients.about.com/od/electronicpatientrecords/a/privacysecurity.htm**bal6
School of Management, New Jersey Institute of Technology, Newark, NJ 07102, USA. ' School of Management, New Jersey Institute of Technology, Newark, NJ 07102, USA. ‘Computer Information Systems, Georgia State University, Altanta, GA 30302, USA. ' School of Management, New Jersey Institute of Technology, Newark, NJ 07102, USA
The conflict between the sweeping power of technology to access and assemble personal information and the ongoing concern about our privacy and security is ever increasing. While we gradually need higher electronic access to medical information, issues relating to patient privacy and reducing vulnerability to security breaches surmount. In this paper, we take a legal perspective and examine the existing patchwork of laws and obligations governing health information in the USA. The study finds that as Electronic Medical Records (EMRs) increase in scope and dissemination, privacy protections gradually decrease due to the shortcomings in the legal system. The contributions of this paper are (1) an overview of the legal EMR issues in the USA, and (2) the identification of the unresolved legal issues and how these will escalate when health information is transmitted over wireless networks. More specifically, the paper discusses federal and state government regulations such as the Electronic Communications Privacy Act, the Health Insurance Portability and Accountability Act (HIPAA) and judicial intervention. Based on the legal overview, the unresolved challenges are identified and suggestions for future research are included.
No sophisticated hacking skills, software, or hardware are required when authorized users can be mislead into revealing their user name and password via a phishing scheme.[7]
Annotated Bibliography
http://engineers.ihs.com/news/2006/aiim-astm-ehealth.html is an engineering standands website. This 2006 article talks about a novel .pdf/h platform for electronic health records. The .pdf format will accept all types of medical information including images, text and graphics. The working group included the AAFP as well as Intel and Adobe and several others to create a ―est practices‖guide to facilitate the capture of data and make it secure. Its portability can be done with USB memory sticks. It will give patients more control over their health information. There is a list of associated ehr standards accompanying the article covering formatting, nomenclature, and other necessary standards.
http://www.healthvault.com is a personal health record created by Microsoft no longer in beta testing. It offers https encryption as well as SSL secure transmission of information. The healthvault can be used to set up single or family accounts, using the Windows Live username and password. Sharing the information with others is by invitation only except for healthcare professionals or for legal purposes. The program allows links to other programs that can be used for personal health programs. Control of the data is personal but at different levels. Anyone with custodian level access is able to alter and/or delete all information. That person can also exclude the original custodian from access, a dangerous situation. Microsoft adequately warns in its privacy statement about this possibility. Many of the linked programs are phrs, and others are information sites such as the Mayo Clinic Health Manager. The entering and editing of data is tedious in HealthVault due to the manual nature of entry. This could be a negative factor for the elderly. The HealthVault website will lock you out if there is no activity for twenty minutes, and unsaved data is lost when you reenter the site. The Mayo Clinic Health Manager is one of the linked programs and is a better interface. It works in conjunction with Healthvault very well and has several trackers to follow weight, BMI, Cholesterol levels, etc. Its editing function is better than that of HealthVault. Overall, HealthVault is a good phr site, and its partnering links are very useful.
http://www.pdhi.com, the website for ConXus Health Improvement platform, under the name of PDHI, protocol driven healthcare, Inc. ConXus has several tools to be used for health risk assessments that its clients can access. A phr is part of the module but the product is aimed toward employers, health plans and hospitals for their members. While it can interface with a member‘s emr, it does not seem to be either a true phr or emr/ehr. The data storage site is very tightly protected with guards, alarm doors, and other protections for the data storage. This option is central web based data management. A key feature is third party data importation/exportation. Its stated market is health plans, hospitals, brokers and health improvement companies.
https://www.google.com/accounts/ServiceLogin?service=health is a service of Google health. It is similar to the Healthvault service with several linked associated services and an ability for the user to control the health information. The site allows the user to build a health profile and track changes. Google offers links to online health-related educational material. The service does allow HIPAA partner linking to other holders of the user‘s health information, such as a personal physician or pharmacy. That data can be linked to the Googlehealth account. Access is through a Google username and password, offering security. The privacy policy does not allow sharing of personal health information. Google does collect aggregate data for some purposes but it is never personally identifiable. A partial ―ealth history‖can be viewed by physicians. Google allows the user full control of the information including deleting all information found in the account. The service is free. To evaluate the site, a health profile was created. A component of this site is a shell repository for basic, personal medical information. There are links to find a doctor and import medical records. This appears to be an electronic phr (personal health record) site. However, its partners include notable hospitals, clinics, pharmacies and healthcare provider rating services.
http://www.ihealthrecord.org is now part of Medem. The backbone of the site is a series of checkoff options that are then added to a phr that can be placed on a wallet card. Access to the information can be granted to others, including personal physicians. While the site is easy to access and the entry of personal information is easy, the checkbox system is limiting in the options to check. I found the immunization module to be outdated. Some procedures, such as MRIs are found in the surgery module, which might confuse older patients. The site does allow printing of the full phr or just the wallet card. There is a patient library that can be accessed as well as a message center that will deliver information on programs that interest the patient. The ihealth record is secure and email addresses are not divulged to anyone. The privacy policy protects personal information. Linked sites are not protected by the Medem privacy policy, a standard disclaimer. The privacy policy is written in an easy to read font and is only one short page long. I found no statement regarding security of the personal information, such as encryption of the data. As a phr and to create a wallet card it looks very adequate. As a full phr it needs improvement.
https://secure.er-idcard.com/ is ER-id, portable phr, editable only by the owner, but with a name and member number, can be accessed by a professional. It appears that the information is kept at er-id and communicated to a provider over the Net. It gives a good measure of portability to the health record, but editing is up to the patient who is the only one who can open the file to write to. Membership is $30/yr single, max $84/yr for very large families. Good security and portability.
http://www.onlinehealthrecords.com myphr.ca is a Canadian site. It proudly proclaims privacy as No.1 priority. The website itself is not well created and the links alluded to are nonexistent. It has a lot in common with er-id cards. It too is self edited by the patient or his representative. What about the internet illiterate? This personal hr does two good things: it logs anyone who accesses the information and which information was examined. It claims to organize everything in one site. Membership is free. I asked the company a few questions about myphr.ca. After contacting the company here are some of the responses:
1. MyPHR.ca is not just for Canadians. In fact, because our company and servers are situated in Canada our customers’ information is not subject to the US patriot act.
2. Yes, health professionals can have their own emergency login to see members’ profiles without the member's username and password. All the health professional and emergency responders have to do is create an account and request a health professional login (and once verified as such) they can login and then enter a member's 12 digit number to see a "read-only" profile of a member's health information.
You can have all of your patients create an account for free (and have them enter their information online) and then you can see their information online at www.myPHR.ca or mobile device (such as a Blackberry/Palm) at www.myPHR.ca/mobile 24/7 where ever you are.
http://www.aetna.com/news/2006/pr_20061003.htm is a phr developed by Aetna. Most of the information is filled in automatically by Care Engine, which is actually a relational database that searches claims records and pharmacy fills. There is an area where the patient can enter and update other items. Its portability is that it can be printed out to give to physicians. Physicians also have access to the data. Its strength is in its database capabilities to automatically access information and update the phr. Aetna will send alerts to the patient and physician regarding cross reactions, medications to refill, and tests/exams that need to be done. These are some very nice features. Security features are password encoded. It is web based for access. Its weakness is that it is linked to the insurance company. If your employer changes policies, can you still access the data and give it to your physician. If not, at that point the information becomes static and out of date and it decreases in value unless Aetna
sets it up independently of its insurance function and allows anyone to purchase and use it. But then how does Care Engine access the claims data. STD, HIV, and family planning information are not automatically entered and must be entered by the patient. There are more questions from my initial review than answers. Question on alternate (non primary) provider access to the information—the ER or out of town visit (snowbird phenomenon). Their data will enter the system via claims, but how do these providers access the information in emergency situations. How do you correct a misdiagnosis?
Soarian Integrated Care by Siemens is more than just an ehr product but rather a complete practice management and computer aided diagnosis‖package. It has several modules that you can add for more complete management but our quest is to identify how to make ehr and the phi portable and private. The setup looks very expensive, a barrier for small practices and individuals. The Soarian portal allows for online access by providers. There is little information about the personal health record, but the EMR, called the online medical record, appears to be very strong. We are looking for nationwide access to phr that can help in patient care. The website only indicates that Siemens will assist you in building a phr.
http://www.allscripts.com/products/electronic-health-record/default.aspAllscripts had partnered with Microsoft in 2006 to develop EHRs. It has since branched out forming other IT and content provider partnerships. To date it has 150,000 physician participants. Its focus includes business and office management as opposed PHRs, alone.
http://www.indcaremgmt.com/onlinepersonalhealthrecord.htm. is a case management site and can‘t be accessed unless you have a member id. From the webpage it looks like they do case management for employers, etc. and offer to customers a personal health record. I could not look at the form of the record itself or how it keeps things secure.
http://www.healthrecordsonline.com/ This site, Canadian based, offers secure servers to store one‘s medical information. All data is sent encrypted, and there is a three-step security system to ensure no one can have access to your records except you. Access is via the internet. It appears that the patient adds/updates the information, so it could be biased or susceptible to errors. There is a section for physician notes to be added, but the patient has the ability to delete entries at his or her discretion. It costs $44 per year (Canadian dollars) for this service. I think it would be great to have if one does a lot of travel, but would not be optimal from a physician‘s perspective to replace the patient‘s original chart, whether paper or electronic.
http://www.accessmyrecords.com/index.htm. Another site where personal health information, entered by the patient, is stored and that is accessed via the web. The patient carries a card with his ID number on it and this will allow anyone to access the record; there is encryption but no super-secret password. The data can also be accessed on a cell phone, if that is the only system available to the emergency responder. It is $30 annually, $50 for a couple and only $20 per child. Very affordable, and would appeal to travelers, but access is possible by anyone who obtains your ID card, so is less secure. The entry of data is 100% controlled by the patient as well; there is no option for a physician to add entries unless the patient scans records into his or her MyAccess chart.
http://www.chartaccess.com/html/services.html. This site is an online service to request copies of medical records, and then view/retrieve them via the internet. They make a big push about customer service, promptness and accessibility in particular, towards the requesting entity. Their primary service is attending physician statements for the insurance industry. The request is made on-line, and frequent status reports of the request are available. Fees are not disclosed for this service. One advantage is that the entire process, including viewing the records, can be handled in a paperless method and is very customizable.
http://www.ehealthglobaltech.com/ Another provider of records retrieval services, like chart access. The site is as much an advertisement about the company, with press releases and financial reports, as a portal to obtain medical records in a completely electronic format. They do have a global network with several more specialized subsidiaries, which include research and digital radiographic images. The company appears well organized and has a whole section where all the various stakeholders in Health Information Management are able to see where ehealth will interact and likely benefit them. The website is exhaustive; they seem to have thought of everything. Despite this impression, one cannot find out the fees for this service unless you make direct contact with a customer service representative.
http://www.medfusion.net. This company develops secure patient-physician communication systems which provide many levels of service. From requesting appointments to facilitating doctor-patient communication, mass e-mailings to patients, as well as individualized messages. The service includes training of client office staff and broad technical support. Patients can use this product to complete forms and pay bills online, request prescription refills, and communicate with the office staff directly. There is also a medical record that is partially controlled by the patient, but the specifics are omitted. It is difficult to determine the cost of the product without making contact with a sales representative, but like many of these EMR-related sites, there is a ROI calculator which likely can demonstrate a positive yield using medfusion‘s numbers. They offer many other services not at all related to an EMR, such as helping develop an intranet or webpage for the healthcare provide.
http://www.amazingcharts.com/company/companyframeset.html. This physician developed EHR has been implemented into 2000 offices. Its benefits include chart and schedule integration with low licensing fees ($995). I was able to download a trial version of the program. It is quite easy to use, but its lack of sophistication would make add-ons (X-rays, EKG‘s, Labs, etc) difficult.
http://www.cchit.org Certification Commission for Healthcare Information Technology. This nonprofit organization has the goal to ―accelerate the adoption of health information technology by creating an efficient, credible and sustainable certification program.‖
Site includes a list of CCHIT certified ambulatory, inpatient, emergency and information transfer EHR providers and information of certification requirements. The mere existence of this site points to some of the challenges facing EMRs developed in the private sector.
http://www.gehealthcare.com/usen/hit/products/centricity_practice/emr_index.html. GE Centricity GE offers personal use and enterprise software. Potential advantages include data integration (GE media platforms are available) and web/network based portals. Operational benefits include data mining programs for business units which are optional.
http://www.nextgen.com. This product appears to be very similar to the Centricity system, but more end user focused. I tried out the online Demo and previewed the version for our institution. It will likely require the use of a scribe to allow efficient use that does not interrupt the typical human interface between patient and physician.
http://www.practicepartner.com. McKesson Practice Partner. McKesson recently acquired Practice Partner which was originally founded in 1983 as Physician Micro Systems. Its focus is integration of appointments, scheduling and patient information with billing features. McKesson is already a major force in healthcare operations and has partnered with Oracle, Citrix and Microsoft (SQL Server).
http://www.webmd.com. is the WebMD site. To better evaluate this feature I completed the two minute registration. It is a basic PHR platform with health assessment and information sharing options. A weakness includes the lack of data importation.
http://www.iom.edu. Institute of Medicine. This influential health policy institute‘s website contains a number of reports advocating the use of electronic medical records to improve patient quality. Specifically addressed are the potential uses of data mining to monitor diseases, treatments and trends. http://www.iom.edu/Reports/2003/Key-Capabilities-of-an-Electronic-Health-Record-System.aspx A site within the main IOM that outlines the key Capabilities of the EHR system. The report was sponsored by the U.S. Department of Health and Human Services and is one part of a public and private collaborative effort to advance the adoption of EHR systems. jph5
http://www.kaiseredu.org. The Henry J. Kaiser Foundation. The Kaiser foundation has summaries of health information technologies and links to related sites. Particularly useful is its breakdown of electronic health records and associated costs.
https://www.kaiserpermanente.org. Kaiser Permanente, the nation‘s largest HMO/insurer offers on its site ―y Health Manager‖and ―y Medical Record‖features that are extensions of its ambitious EMR project.
http://www.healthcareitnews.com. Healthcare IT News. This site covers the expanse of healthcare information technology. In particular news and evaluations of EMRs and PHRs are presented.
http://www.revolutionhealth.com. Revolution Health, like Google, Microsoft and WebMD, this software offers a PHR option at no charge. It is similar in content and format to WebMD, but it offers less personal diagnostic and self help options.
http://www.nehii.org/ NeHII, Inc. is a health information organization, providing services that securely exchange important clinical information among physicians and other health care providers, real time and at the point of care.Created through collaboration among a group of Nebraska health leaders, NeHII serves more than half of Nebraska's population and continues to grow.Through its secure electronic exchange of patient medical information, NeHII is hoping to contribute to the quality of health care while helping to control the escalating cost of health care in Nebraska and the U.S.The initiative began early in 2005 when several individuals representing health organizations gathered to discuss the need to create a statewide health information exchange (HIE) for the betterment of patient care in the state. The exchange would enable physicians statewide to view consolidated patient medical history at the point of care, improving safety and care delivery while reducing duplicate or redundant procedures.
This organization is an interesting concept as a clearing house for electronic medical data. However, the success in Nebraska will depend on 100% participation. The goal is to ultimately engage other states in a similar concept in order to share information and data. This site tends to be self-promoting. willisc1
http://healthaffairs.org/ This is the website for Health Affairs, a journal of health policy thought and research. The peer-reviewed journal was founded in 1981 under the aegis of Project HOPE, a nonprofit international health education organization. Health Affairs explores health policy issues of current concern in both domestic and international spheres. Every article Health Affairs has ever published is available online at www.healthaffairs.org. All readers have free access to selected Health Affairs journal articles at time of posting (Web Exclusive for two weeks, Editor’s Choice articles for two months); all journal articles three years old or older; and all //Health Affairs// Blog content. The full twenty-six-year article archive is online. The site also provides search capability within Health Affairs’ full archive. E-mail alerts and RSS feeds are available. This site is all encompassing with currently 121 articles on health information technology (HIT) and 571 articles that discuss health information exchanges. The abstracts are free but do require a subscription to download the full-text PDF for articles that are within the last three years (except as described above). willisc2
http://content.healthaffairs.org/cgi/reprint/24/5/1127 This is an article entitled The Value of Electronic Health Records in Solo or Small Group Practices. It is linked to the main healthaffairs website (see above) that looks at the value of EHR in solo and small medical practices. Even though this was written in 2005, many of the priciples and conclusions about the financial viability of such endeavors still hold. It is a well-organized study that compares two EHR systems in eleven different practice settings. The format of their study is a valuable format that could be used for evaluating EHR systems in larger practice settings and hospitals, as well. Conclusions about cost benefit analysis of EHR systems in these small practices can help policy makers formulate better financial and nonfinancial incentives for EHR use. The authors address the cost to providers, the time to recoup those costs, risk, and time benefits and quality of life associated with implementing EHR. willisc3
http://www.eclinicalworks.com/ eClinicalWorks is a privately-held, profitable company formed in 2000. It does not have outside investors. eClinicalWorks employs more than 800 people across its Westborough, Mass., headquarters and New York and Georgia offices.It offers EMR/PM solutions in all 50 states, with more than 30,000 providers using eClinicalWorks. eClinicalWorks is utilized in large hospital systems and affiliated physicians; large and small health systems; large and medium medical group practices, including FQHCs and community health centers; and small and solo provider practices. The company offers EMR solutions, a health exchange, patient portal and practice management solutions. It was chosen by the New York City Department of Health and Mental Hygiene as its EMR/PM solution in 2007. There is an online demo of their services or you can schedule a demo. The company has a 98.9% renewal rate based on figures from maintenance contracts and Software-as-a-Service (SaaS) renewal agreements. The company reported $85 billion in revenues in 2008. The company’s success spurred a Harvard Business School case study, titled “eClinicalWorks: The Paths to Growth,” by Professor Robert F. Higgins that is available at www.harvardbusinessonline.com. willisc4
http://www.klasresearch.com/KLAS Enterprises is an independently owned LLC and monitors vendor performance through the active participation of thousands of healthcare organizations. KLAS helps healthcare providers make informed technology decisions by offering accurate, honest, and impartial vendor performance information. KLAS focuses solely on healthcare technology. Their main areas of research involve software, service firms, and medical equipment. They have an extensive vendor directory. willisc5
http://www.openclinical.org/emr.html OpenClinical is a not-for-profit organization created and maintained as a public service with support from Cancer Research UK under the overall supervision of an international technical advisory board. The OpenClinical Web site is aimed in particular at healthcare professionals and managers, medical informaticians and computer scientists and industry. It is designed to be a "one-stop shop" for anyone interested in learning about and tracking developments on advanced knowledge management technologies for healthcare such as point-of-care decision support systems, "intelligent" guidelines and clinical workflow.jph1
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2670325/pdf/jcsm.5.2.101.pdf Quan, SF. The Electronic Health Record: The Train is Coming. J Clin Sleep Med. 2009 April 15; 5(2): 101. A nice brief editorial about the pros and cons of the EHR written by a physician from Harvard Medical School on the front line and who has been working with various EHR’s for some time. jph2
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1480192/ Pallav Sharda P, et al. Specifying Design Criteria for Electronic Medical Record Interface Using Cognitive Framework. AMIA Annu Symp Proc. 2003; 2003: 594–598. jph3
http://groups.csail.mit.edu/medg/ftp/psz/EMR-design-paper.pdf Fraser HSF et al. Implementing electronic medical systems in developing countries. Informatics in Primary Care 2005;13:83–95. A nice review on the EHR in general as well as its design and possible application in developing countries by authors from Harvard Medical School.jph4
http://www.omnimd.com/ From EMR to practice management to electronic claims Omni offers a comprehensive set of support services such as medical billing and transcriptions as part of an integrated solution under one roof.ippo1 http://www.hospimedica.com/index.php?option=com_article&Itemid=294727142Vendors and hospitals that affiliate with the physicians, and not government initiatives, will ultimately determine if doctors in the United States adopt electronic medical records (EMRs), according to a new report from Kalorama Information (New York, NY, USA), a healthcare market research firm. ippo2. http://assets1.csc.com/health_services/downloads/CSC_Update_on_Meaningful_Use.pdfOverview of meaningful use criteria to qualify for government reimbursement for developing EMR. To get the maximum Medicare payments, eligible providers need to qualify by CY 2012 and hospitals by FY 2013. Meaningful use requirements are still grouped into three stages but the designations are no longer tied to dates (2011, 2013 and 2015):Both physicians and hospitals also need to meet Stage 3 criteria by 2015 to avoid Medicare penalties.ippo3 http://www.athenahealth.com/our-services/athenaClinicals.php?open=20Is an offering of a Web based unique service model EMR. It boasts the ability to keep up with government mandates. Athena will be constantly integrating changes into the web-based EHR without additional cost to the practice or disruption to daily workflow. ippo4 http://www.springerlink.com/content/38315l1701454702/Neutral Implanted Data Collection Interface requires a fundamentally different infrastructure. The emergence of wearable and implanted mobile technologies, employed in distributed environments could serve to minimize existing adoption resistance. ippo5 http://en.wikipedia.org/wiki/Health_Level_7Concerning interoperability, HL7 specifies a number of flexible standards, guidelines, and methodologies by which various healthcare systems can communicate with each other. Such guidelines or data standards are a set of rules that allow information to be shared and processed in a uniform and consistent manner. These data standards are meant to allow healthcare organizations to easily share clinical information. Theoretically, this ability to exchange information should help to minimize the tendency for medical care to be geographically isolated and highly variable. ippo6 http://www.bitwork.com/google/ha.htm?gclid=CPGKk8K1rJ8CFcx25QodWyPT0gThe Compliance Auditor interfaces with EMR to monitor who is accessing which patient records. Each provider’s implementation and interpretation of HIPAA are different. The flexibility of a Compliance Auditor appliance from Bitwork allows a practice to easily create audit reports. The government may require a privacy audit of EMR systems to determine who looked at any specific records, or whether someone is accessing records of VIPs, family members, or employees. ippo7 http://www.idtheftdailynews.com/articles/44266/four-out-of-five-healthcare-it-pros-had-at-least-o/According to a newly released survey, 61 percent of health IT practitioners doubt that their organizations have the resources to meet privacy and security requirements, while 70 percent say senior management isn't making data protection a priority. ippo8 http://www.law.uh.edu/healthlaw/perspectives/2006%5C%28JM%29E-RecordsFinal.pdfAlthough there is great potential in the EMR technology, it is still unaffordable for most hospitals, group practices, and definitely for solo-practitioners. Furthermore, every healthcare institution and physician is aware that, after taking on the sunk costs of acquiring EMR technology, there is no guarantee that it will not become the next laser disc or that a newer version will not eclipse the previous model every three months. Additionally, there are the opportunity costs: The amount of money a healthcare institution spends on EMR technology in order to improve healthcare is money that the institution will not have to acquire other resources to provide healthcare. ippo9 http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/pdf/0030139.pdfThe goal of information privacy raises issues of access control (user authentication and authorization) and the application of cryptographic protocols for data transmission and storage.
The authors review the conflicting goals of accessibility and security for electronic medical records and discuss non-technical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. ippo10 http://www.medicalrecordshow.com/why-avoid-documenting-by-texting-because-you-dont-mess-around-with-slim/The process of logging information into an EMR system will require doing away with free text input. ippo11 http://en.wikipedia.org/wiki/Microchip_implant_(human)#Security_risks http://en.wikipedia.org/wiki/Microchip_implant_(human)#Medical_records_useDiscusses the future application of implantable chip technology for EMR along with security issues and ethical considerations. Risks of implantable devises may include subcutaneous sarcomas, burn injury in MRI machines, vulnerability to third party scanners since these chips are unencrypted. On a positive note they can be use as GPS locators for lost individuals.ippo12 http://en.wikipedia.org/wiki/Electronic_medical_record#Legal_status EMR can be used to monitor and predict clinical events and ultimately prevent an adverse event. EMR can be use to transfer patients GP2GP. ippo13 http://www.texmed.org/Template.aspx?id=5969Discusses the function of electronic signatures and the digitized encryption that binds documents to a unique number or electronic fingerprint. A digitized signature is an image of a pen-to-paper signature. An electronic signature can be an electronic sound, symbol, or process associated with a record. It is a mark added to a document to indicate intent to sign.ippo14 http://www.reportbuyer.com/pharma_healthcare/technology/u_s_markets_emr_electronic_medical_records_technology.htmlThis 140 page report for sale provides information on the most important companies competing in this market. Vendors are a vital part of shaping this industry, but having the competitive intelligence is just one part of advancing this industry. This discusses the kinds of plans vendors are offering and how much the vendors expect to compete for in the next five years. Physician Preference on EMR Features are also discussed. ippo15
http://emradvice.wordpress.com/category/ehr-regulations/ Health care providers most frequently have cited cost as a primary obstacle to adopting an [EHR] system.
Using EHR reduces costs by almost annually, and nearly two-thirds of the savings were associated with reducing the amount of time for manually pulling charts. ippo16 http://www.emrexperts.com/emr-roi/index.phpA Return on Investment (ROI) or Cost-Benefit Analysis study is performed anticipating a technology purchase for a healthcare organization. This is especially true for Electronic Medical Record (EMR) software where the cost benefits can vary greatly from installation to installation. This article discusses the ROI for independent single physician practices.ippo17 http://www.infoway-inforoute.ca/
As a not-for-profit organization funded by the federal government, Infoway works with the provinces and territories to foster and accelerate the development and adoption of pan-Canadian electronic health information systems. Once these technology systems are up and running, health care professionals will have ready access to accurate and complete patient information. Also, Canadians will be able to access and manage their own health information electronically. What this means is better communication between health care professionals and a clearer understanding of what patients need. Thanks to the growing implementation of EHR technology, many Canadians are already realizing some significant benefits such as faster, more accurate diagnosis, and shorter wait times for treatment, safer prescriptions and better access to chronic disease management. glj1
http://www.cmpa-acpm.ca/cmpapd04/docs/submissions_papers/com_electronic_records_handbook-e.cfm
This website, CMPA (Canadian Medical Protective Association) speaks of implementing and using electronic medical records and electronic health records. More specifically, it describes the regulation of electronic records, patient consent and rights to access, security and privacy issues, maintaining data integrity, sending / transferring records, destroying / disposing of records, data sharing and inter-physician arrangements, and emerging issues (PHR – Patient health Record). glj2
http://www.longwoods.com/product.php?productid=16865
This website describes how one province in Canada, Alberta is at the leading edge in developing its electronic health record (EHR). The site describes the provincial initiative to provide healthcare providers with immediate access to a patient's medication history and laboratory test results, regardless of where they are in the province, or where the patient's drugs or other treatments were ordered. The Alberta EHR was launched in October 2003. So far 6,000 healthcare providers have voluntarily signed on to use it, and benefits to patient safety have been reported. The EHR is an important part of healthcare renewal that is required to improve patient safety; however, it must not be viewed as a stand alone cure-all solution to Canada's patient safety challenge. glj3
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=960233 This is a paper by Miller A., and Tucker C. titled “Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records" (February 2009). The authors examined the impact of privacy laws on EMR adoption. They found that state privacy protection of hospital medical information inhibited EMR adoption by approximately 11% per three-year period, or 24% overall in states with such laws. The laws appear to reduce the network effects of EMR. In states without hospital privacy protection, if one hospital in an area adopts EMR, the propensity of other hospitals in the area to adopt EMR is increased by 7%. In states that have privacy laws, this propensity increase is not observed. bunmi1 http://content.healthaffairs.org/cgi/content/abstract/24/5/1103“Can Electronic Medical Record Systems Transform Health Care? Potential Health Benefits, Savings, And Costs” Richard Hillestad, James Bigelow, Anthony Bower, Federico Girosi, Robin Meili, Richard Scoville and Roger Taylor
This examination of the health and financial benefits of HIT uses comparisons to IT in other industries to estimate the potential savings of adoption of EMR. They optimistically predict that EMR networking could save $81 billion annually.jfl1 Jerome Groopman, Pamela Hartzband Obama’s $80 Billion Exaggeration. The Wall Street Journal, Opinion, March 11, 2009
The two clinical faculty members of Harvard Medical School who authored this opinion were responding to statements President Obama made after his healthcare summit in early March. Dr. Hartzband is an endocrinologist at Beth Israel Deaconess Medical Center and an assistant professor of medicine at Harvard Medical School, and Dr. Groopman is a hematologist–oncologist at Beth Israel Deaconess Medical Center and a professor of medicine at Harvard Medical School — both in Boston. They believe touting EHR as a cornerstone of healthcare reform is overly simplistic and unsubstantiated. The article was enlightening regarding the basis for support of EMR is a theoretical study in 2005 by the RAND Corporation which is funded by corporations likely to benefit. jfl2. http://www.virmedice.com/ VirMedice is a reseller company for the web-based NextGen EHR/ EPM system. VirMedice, as a SaaS provider, provides full service electronic health records by offering remote access to the NextGen system using internet connections. Instead of buying the complete software and server, and then hiring IT service to start the electronic health record system, VirMedice provides them for you. This is a convenient, low initial capital outlay way to implement an electronic record system for a small group and single practitioner, however an ongoing monthly leasing fee is required. It eliminates some of the headaches of a medical business, such as initial high cost purchase, ongoing IT maintenance and loss of patients’ records due to power outage and computer dysfunction. oba1 http://www.chartlogic.com A significant difference in this EHR system, compared to any other EHR systems is the Precision Voice driven ChartLogic EMR, which integrates proprietary software with voice driven commands, dictation, specialty specific vocabulary, microphones, and hardware. This system is designed to achieve highly accurate voice recognition and provides time-saving shortcuts in addition to electronic medical records. This company combines Electronic Medical Record (EMR), Practice Management (PM), and Document Management (DM), and offers three different EMR solutions. ChartLogic claims that by implementing Precision Voice command, it makes doctors lives easier and saves time for busy medical practitioners. oba2
http://www1.va.gov/cprsdemo/ and http://www.vacareers.va.gov/vacareers_Careers_Edge_Technology.cfm
The Department of Veteran’s Affairs Medical Centers use their award winning electronic health record, CPRS (Computerized Patient Record System). CPRS is networked across the VA patient care centers in the U.S., including VA medical centers, clinics, and care facilities. The purpose of this is to be able to access Veterans patients’ medical records including labs, patient’s information, medications, diagnostics and progress notes so Veterans can have their medical care anywhere in the U.S. without disruption. CPRS is a comprehensive Veterans Health Information Systems and Technology Architecture (VistA) program, where VistA became part of the public domain. Therefore VistA can legally be the basis of proprietary software and free and open source software in community. The adoptation of VistA by EHR industry is discussed at http://www.fierceemr.com/story/vista-powerful-it-adaptable/2010-01-14oba3 http://www.medsphere.com/
A number of companies already have taken the source code for VistA and commercialized it as a lower-cost alternative to the many proprietary, enterprise EHRs on the market. Medsphere Corporation, a founder of Open Vista which is the most fully commercialized VistA offspring, emphasizes the affordability being a huge issue to implement EHR system in many communities. The company claims that they can do everything the other systems do without upfront capital costs or back-end balloon payments. Medsphere is based in Carlsbad, California, and was founded in 2002.oba4
**http://www.centerforhit.org/online/chit/home/ehr-adoption.html**
This site by the American Association of Family Practice has a large web of education on what the MD needs to know about EMR. Tutorials are given on the teminology, on evaluating programs, on the implementation, etc. Also has product reviews by members. jfl3
http://www.ama-assn.org/amednews/2010/01/25/bil20125.htm
The American Medical News site is a huge resource on many topics and is rich in articles on EMR. The navigation bar in lavender down the left side of the screen makes content easy to access. This article from January 2010, discusses a different issue of EMR security: one does not need to be a talented hacker if one can merely obtain a user name and password from an authorized user. Sophisticated phishing schemes are targeting physicians in large EMR networks to steal the identity not only of the physician but also of the unsuspecting patients in the database. jfl4
Health Data Exchange http://www.healthcareitnews.com/news/klas-questions-vendor-claims-hies - "KLAS questions vendor claims on HIEs". This report published 2/9/10 examines a report by KLAS, an Orem, Utah-based research firm . KLAS found that only a few vendors can claim that they have created a proven and reputable model for HIE. They validated 89 separate organizations that use live HIE technology to share patient information that is viewed by physicians. Acute-to- acute sites as well as acute-to-ambulatory sites were evaluated. Medicity's Novo Grid was the leader with 22 live sites in the acute-to-ambulatory HIE's. More than 70% of the validated sites were funded through state or federal grants. Many challenges were reported on establishing a HIE including security and privacy concerns as well as governance and patient consent..jfg1
Meaningful Use http://www.govhealthit.com/newsitem.aspx?nid=73094
The National Health IT coordinator, Dr. David Blumenthal, spoke to government leaders at the Health IT Government Leaders, Health Information Exchange and HIPAA summits on February 4, 2010. In his description of how his office will determine how high to set the bar for physicians and hospitals to be converted into “meaningful users” of electronic health records, he spoke of "stretching" but not "break" the healthcare community in setting conditions for healthcare providers to qualify for the financial incentives to implement "meaningful use" of health information technology. The proposal uses an "escalator concept" guiding providers toward increasingly sophisticated uses of EHR's via the help of financial incentives and aid from state health information exchanges and IT technical training centers. The director of the Agency for Healthcare Research and Quality, Dr. Carolyn Clancy, believes that wider acceptance of EHRs holds the potential for considerably improving population health research. She stated that “health IT is critical and indispensable but people have to organize the information. That is really the promise of patient-centered health research”.
Comments on the proposal are being accepted by the Health and Human Services Department until March 15, 2010 and they are expecting finalizing the plan in late spring.. jfg2
Patients are cared for even when the Care givers are off site with Capzule. Care givers can now easily connect with their office via their iPhone. With the launch of the iPhone Web application for Capzule.com, an online service that provides electronic medical records to independent clinics, Care givers have greater flexibility in caring for their patients. They can review patient files on their mobile device, and provide quicker response times when away from the office.They can view messages, check their schedule, review charts, and write prescriptions. Doctors who treat patients in more than one location will greatly benefit. They can check on patients between hospital rounds, nursing home visits and more.Affordability should increase as well with monthly fee dropping from $ 200 to $ 50 per doctor per month because of competition. Sharad
MBA STUDENTS PLEASE DO NO MORE EDITING OR ADDING TO THIS PAGE. PLEASE GO TO "THE NEW HOME PAGE" INSTEAD
It is estimated that medical errors may cause 44,000 to 98,000 deaths per year (or the equivalent of two 737 jets crashing daily). Medication errors can be reduced, if not eliminated, by the use of EMR’s[1] . Yet, physicians and hospitals alike have been slow to adopt EMR’s due to several reasons. These include, but not limited to, technology that is not user friendly, cost of installing and training, difficulty in usage and non-communication between different systems making the information still difficult to obtain.[2]
The Baby Boom Medicare "explosion" is quickly approaching, certain to further strain healthcare resources, and an economic recession has focused political and business leaders on cost-containment measures, including healthcare expenditures. Accordingly, these forces are poised to redirect the typical incrementalism of health policy formation to more radical reformations.
This analysis was undertaken to evaluate the universal adoption of an electronic health record. Specifically, the existing electronic health information technology‘s
benefits and drawbacks along with its use in data mining to improve patient care are examined in the context of its adequacy for a national electronic health record (EHR) initiative. However, the prospects of a national electronic health record have not been uniformly received with enthusiasm. Perspectives of electronic health information systems have ranged from a bothersome burden to a healthcare panacea. While many the in the insurance industry and academia have lauded its potential value, healthcare providers including physicians and hospitals have remained suspect of its cost-benefit ratio. These barriers to the implementation of an electronic health records are further considered below, along with the potential advantages and disadvantages its global adoption. Finally, the financing of such a project, either through the private sector or government sponsorship, is evaluated.
Defining an Electronic Health Record
The terms EMR (electronic medical record), EHR (Electronic Health Record) and PHR (Personal Health Record) are often used interchangeably by the media and health professionals. However, there are important distinctions to be made beyond mere semantics. EMR‘s are electronic databases of patient information containing many variables including demographic, medical and financial data. These systems are frequently linked to enterprise systems to coordinate billing and scheduling, in addition to non-patient care tasks such as marketing. This is in distinction to a PHR that contains individual patient information. These data can be in any form. EMR‘s and PHR‘s can be merged, edited and retrieved in an electronic format and more broadly considered as an EHR.
The electronic health record (EHR) is traditionally a provider-controlled document. Managed care organizations and other payers can access EHR information to create standards for pay for performance programs for physicians and hospitals. Optimally, EHR data could be utilized in aggregate to develop improved standards of care, perform large epidemiological studies, and facilitate identification of patients exposed to a drug or device that has been recalled. Clinically, care provider to care provider transfer of information should be enhanced by an EHR. Improvements in documentation may optimize patient care, which arguably may reduce costs, improve collections. The extent of realization of these gains is not known.
As mentioned, above, the EHR may be comprised of individual PHR‘s. Traditionally, the personal health record (PHR) is patient-driven documentation. These systems are typically very user friendly, and are an important way for information to be passed between patients and providers. Many of the currently available PHRs offer additional benefits such as links to health newsletters and health encyclopedias. Most of the PHRs that were reviewed offer two to three levels of security and can include other personal information such as next of kin, insurance information, living wills, and emergency contacts. The PHRs are secure with username and password; there are restrictions regarding who can enter data, with this data being encrypted. These PHRs are made portable by using USB memory devices; some are accessed in a read-only manner for emergency services personnel. A few of the PHRs offered are free, but many are available at a very low cost. Well established internet companies such as Google and Microsoft are offering free online PHRs. As with the other PHRs, it is patient controlled data and access is controlled and the information is securely stored.
Disadvantages to the various PHRs stem from the design of the PHRs themselves. Since the information is entered and edited by the patient, there may be inaccuracies in health assessment. A patient could omit entire sections of his health record, even if it is vitally important to his overall care. The elderly population, who may not be as computer literate, may not utilize a PHR at all. Another important limitation is the security of the information.
To facilitate portability, many PHRs offer ID cards for healthcare providers to obtain access to the patient‘s data. For example, the site http://www.medsfile.com allows printout of the record with no personal identifiers, which adds to security and assists emergency personnel. However, a lost card can potentially give anyone access to the information. Also, end user failure to guard the information safely would allow unauthorized access to patient documentation, and could lead to identity theft. The numerous cases of laptops being lost containing critical personal information underscore this point. In consideration of portability, compatibility must be considered. If different databases do not afford for electronic interchange of data ,the benefits of a phr are lost.
A universal patient health records system implies a single medical document accessible by all of the patient's authorized healthcare providers. Secondly, a patient health record system (whether universal or not) specifically incorporates the input of patients in addition to the input of healthcare providers. One of the major criticisms of the existing healthcare system is that information exists in ―silos‖. The analogy aptly describes the situation where each patient‘s healthcare providers utilize an independent and separate health record. Within a single institution or healthcare provider group, multiple healthcare providers may be able to access the same record. When healthcare extends beyond these boundaries however, multiple duplicated health care records are created, resulting in the existence at any one time of multiple variably incomplete and semi-duplicated patient documents. The result is that healthcare, like the documentation which records it, ends up being fragmented and incomplete.
The increasing use of electronic documentation requires electronic storage. Onsite servers with backup redundancy are one answer while large terabyte repositories (with backup offsite storage) are another. There remains the possibility of server failure interrupting access to the EHR. Upgrading or changing software can leave an EHR unavailable unless an expensive data conversion is done. Many EHR programs are very expensive for small private practice offices. The cost impediment will slow acceptance of the project. Government financial support is being considered to advance the institution of office EHRs.
When considering these factors together it becomes apparent that a universal EHR and/or universally compatible EHR project should be considered. An important consideration regarding this undertaking is that stakeholders - individuals, clinical practice groups, agencies and political parties – may have non-congruent goals as they consider what technology, infrastructure, support is needed to achieve implementation of such an EHR.
What might an EHR do?
The ultimate potential of a universal EHR is not known. Advocates contend it has the capacity to improve patient care, research and public policy formation. However, the cost-benefit ratio and privacy concerns have yet be resolved. Though specific goals are innumerable, the generable objectives of healthcare information systems would be to:
In the short term quality improvement, monitoring and maintenance may add to costs. However, it is the response to these quality control outcomes that should decrease costs. Opponents contend that there is no definitive concrete evidence that EHR‘s improve healthcare, safety or decrease costs. They point to high EMR failure rates, implementation costs and low satisfactions rates. It is important to note that these, in general, have been experiences of enterprise EMR systems, not EHRs. Also, these experiences did not include data integration and intersystem sharing. Without this, the true safety and cost saving measures of an EHR are indeterminable. Additionally, both advocates and opponents agree that privacy must be an essential component to any system, and these details have not been agreed upon.
In order to be effective, an EHR must have data retrieval and manipulation characteristics over mere archival capabilities. Fortunately, the capabilities of existing EHRs‘ data mining (the process of locating and extracting information from a database; this data can be utilized in many different ways) functionality are established. The extent to which this data can or should be utilized is, however, still debated because the quality of research and public policy decisions will be proportional to the data and the manner in which they are stored. If erroneous data are input, suspect conclusions may be accepted as fact. In a universal system, this could have far reaching consequences in an environment with little checks and balances.
In the case of an electronic health record (EHR), these data typically pertain to protected health information, which is the focus of HIPAA regulations. When adequate safeguards are employed to protect the confidentiality of this information, it can provide researchers, policy makers and educators with extremely useful data. This information, or even access to the database, can also be misused with potentially serious adverse outcomes.
Like performing a search of the internet, choosing the correct terms or measures to perform data mining are critically important. In an EHR, there are hundreds of measures that are available to include in a search. Demographic data, such as age, gender, location, health insurance, or assigned provider can generate a useful denominator. The data can be searched by diagnosis, a specific medication or laboratory result, or other similar outcomes. Time is also a variable that can be included in the data search. Including time allows the interested party to identify and track trends in the data.
There are innumerable trends that data mining yields. Simple measures, such as weight or blood pressure, can help identify populations at risk for other comorbid conditions. More complex studies can track the onset of a diagnosis, the subsequent treatments, as well as the degree of their success in controlling the condition. The prescribing patterns of healthcare providers, particularly when it comes to trends in utilization of generic vs. branded medications, could prove useful in analyzing the escalating costs of healthcare. Public health and consumer safety is also served by data mining. A medication recall, as discussed above, is easily facilitated by having an EHR and using common data mining techniques to identify any patient that has had that drug prescribed. A target population for a specific intervention, such as an immunization, is also readily obtainable from an EHR.
The potential of abuse in data mining is a real and significant threat to the integrity of such a program. If personal health information becomes accessible to the wrong person, confidential information might fall into the wrong hands. Like any statistical measure, an incorrect assessment might lead to a faulty conclusion and hence a misappropriation of efforts, funding, or educational intent. In this case, it is not the technology or design of the data mining system that is in question, but the integrity of the person(s) involved in the process that could generate the error. Compliance and integrity are paramount characteristics to consider in this type of program.
Key Capabilities of the EHR
The key capabilities of the Electronic Health Record System per the Institute of Medicine of the National Academies (and examples) include:
Advantages and Disadvantages of EHR
Major Advantages include:
Major disadvantages include:
How will a project of this magnitude be funded?
The potential value of EHR to the healthcare industry at large as well as individual‘s health care is significant only if it becomes widely adopted by both individuals and healthcare providers. Additionally, the platforms must be secure and rapidly accessible and interoperable across different locations globally. Developing and implementing this technology on a widespread basis will take significant information technology expertise, innovation, and will have substantial costs. This leads to the question: How should the development and management of EHR be funded? Should the government subsidize this endeavor with taxpayer dollars? Should EHR be a for-profit endeavor? The private sector presently funds the majority of EHR initiatives, but federal funding/incentives have been provided. For example, Kaiser has spent billions of dollars to develop and implement its EMR. The federal government has encouraged electronic transitioning among practitioners and hospitals. Federal electronic health prromotions include bonuses for e-prescribing and filing under the auspices of pay for performance. However, the actual total amount of federal funding is unknown but it is certainly confined by existing budget deficits and competing priorities. President Obama‘s pledge to spend $10 billion per year to create and implement a universal EHR may fall short and others sources of funding are likely to be required. Additionally, government administered programs may carry the stigma of lack of efficiency and innovation, and not being as responsive to the user as those developed by the private sector.
Despite the potential value to stakeholders, it is likely that additional personal and business taxes to fund this project would be met with substantial opposition. Also, the use of taxpayer dollars may not be the most efficient way to rapidly establish a widely accepted EHR system that transforms the way healthcare is practiced. As long as healthcare is part of a market driven economy, market based (as opposed to tax-based) solutions are most likely. The entrepreneurial spirit present in the private sector should be leveraged to quickly innovate, develop, and institute a safe, secure, user-friendly EHR platform that can be accessed by individuals and institutions globally. These will include the networks of public, private and not-for-profit companies combining resources and expertise to gain large market shares. Competitions for prize money for developing or grants to develop the best EHR platform with regard to security (meeting government established guidelines), user friendliness, reliability, and ability to integrate with existing EMR systems may be one way to encourage innovation from IT experts.
What is the ideal EHR?
The ideal EHR would meet the needs of all stakeholders. In the case of EHR‘s the sheer number of stakeholders makes the development of a universally accepted system difficult. A federal solution is unlikely in the present market base healthcare system. Market forces will likely select the "best" EHR‘s in terms of utilization, but the developers‘ interests may be divergent from other stakeholders.
There are several secure, affordable, compatible,and user-friendly EHRs,although transferability and universal acceptance is years away.Accessibility for the patient as well as the care provider has to be as easy as the Capzule. Physicians can connect to their office records through their iphones and respond to patient problems much earlier.Sharad However, its "season" has come, despite not knowing what the final fruits of the season will be. Hopefully, a market solution will be created before a multibillion dollar EHR tax-payer funded bailout is mandated.
Design and Interface of the EHR
Should our goal be to have one national EHR system, or is it reasonable to have many systems so long as they are compatible and communicate freely with each other? I think only time will tell, however in the United States, the approach for now is multiple platforms and systems. What is important is to have the providers and key physician involved in the design and implementation of the EHR that will work best for them.
There appear to be two main structural elements to medical records: core components and then specialist sub-components.
Different user interfaces that can be used for the EHR (and their advantages) include:
Implementing EHR; Buy or SaaS?
Two ways to implement EHR exist, in general. One way is to buy the software from an EHR vender, and locally install the system onto your office workstation. In addition to having hardware (computers, printers, networking routers, scanners), you will need to buy EHR software and an in-house server for storing your patient’s medical records. Once installed onto your computer hardware, you are responsible for networking, IT and maintenance. Most of the time, the organization will need full time or part time IT team support to look after your system. This often involves substantial capital investment upon EHR implementation, and might work for medium to large size practices or hospitals. However, it will be difficult for a small practice or solo practice who might have limited revenue to keep up with the maintenance costs.
The other way to implement EHR, without much up-front cost, is to go with a Software as a Service (SaaS) provider. SaaS is a type of software deployment where a provider licenses an application (in this case the EHR application) to customers for use as a service on demand. In short, a customer leases the EHR application (web-based EHR) through a SaaS provider. This can be done by hosting the application on a SaaS provider’s web server or upload the application to the customer’s device. We often hear of resellers of an EHR vendor, and usually they are referred to as a SaaS provider. The benefit of this is to reduce or eliminate up-front capital investment, focus on budgets rather than infrastructure, gain immediate access to the innovative technology without buying, increased accessibility remotely and locally, and finally pay as you go (predictable costs). You still need to have basic hardware, however you do not have to worry about software malfunction or database server storage trouble-shooting onsite. You can see the advantages and disadvantages at http://www.ctsguides.com/software-as-service-saas-meet-emr-needs.asp
oba
Data input into EHR; Typing, Template, or Voice commend?
Three ways exist to input your daily progress notes into an EHR system. One is to type your notes directly into the EHR database. If you are comfortable with typing fast, this option might work for you. A typing input prototype EHR system is VistA/CPRS from The Department of Veteran’s Affairs Medical Centers. The second way to input your daily data into an EHR system is a template based system. The template offers click and choose methods, reducing much of the typing requirement. Most of the EHR systems available from the industry offer template settings in their EHR systems. Now a new type of EHR software with voice command makes text typing not necessary for input of daily progress notes. This might work for a practitioner who is resistant to EHR systems due to typing issues. For example, the Precision Voice driven ChartLogic system provides EHR software to achieve highly accurate voice recognition. One of the newer EHR systems, Medisoft Clinical, offers a choice of data entry methods including templates with click and choose, speech recognition, transcription, digital pen and dictation. oba
HITECH Act
The Heath Information Technology for Economic and Clinical Health Act (HITECH) is part of the American Recovery and Reinvestment Act signed by President Obama on February 17, 2009. The purpose of the act is summarized in this quote from the President "To improve the quality of our health care while lowering its costs, we will make the immediate investments necessary to ensure that, within five years, all of America's medical records are computerized. This will cut waste, eliminate red tape and reduce the need to repeat expensive medical tests…But it just won't save billions of dollars and thousands of jobs; it will save lives by reducing the deadly but preventable medical errors that pervade our health-care system."[3]
To accomplish this goal, HITECH allocates $19.2 billion to accelerating the adoption of electronic health records (EHR), the majority of which (more than $17 billion) is in incentives to health care facilities and providers to encourage the adoption of EHR. In 2009, the Congressional Budget Office estimated 90% of physicians would adopt EHR by 2019 and the acceleration resulting from HITECH would save more than $60 billion in that time.[4]
An additional $2 billion is allocated to the development and support of health information technology (HIT) education. This includes grants to institutions of higher education to expand medical infomatics education and integrate this with the education of healthcare professionals. HITECH specifies $598 million for the creation of the Health Information Technology Extension Program wherein nonprofit organizations receive government grant money to establish and operate 70 Health Information Technology Regional Extension Centers, which will provide hospitals and clinicians with hands-on technical assistance in the selection, acquisition, implementation, and meaningful use of certified electronic health record systems. [5]
The act includes new security precautions “strengthening Federal privacy and security law to protect identifiable health information from misuse as the health care sector increases use of Health IT”.[6] The data mining for profit industry is forbidden from selling health information without the individual’s permission. Porviders must attain authorization from the patient before utilizing health information for marketing. Patients are entitled to an audit trail showing all releases of their information, and notification of any unauthorized disclosure.
HITECH includes a process for developing standards for the exchange of information and a voluntary certification process for HIT products.
The implementation of HITECH is the responsibility of the Office of the National Coordinator for Health Information Technology (ONCHIT) created in 2004. jfl
Safeguarding EMR Security and Privacy
The safeguarding of our EMR database is perhaps a bigger problem than one might imagine. As mentioned earlier, hackers will have a hayday with this information. The conflicts of interest between patients, providers and payers will most certainly open up the doors for finding ways to beat the system. The need to explore the avenues available to hackers should be clearly studied by IT system engineers. Only then can these doors be locked. The problem with tight security is that it limits the functionality of the format. All of the issues that affect funtionality must be in place. Obviously, one of the most interesting findings as you read the mass of information already available, is that primarily payers are the ones setting up the PHRs to date. There are a few private for profit groups, however, the payers do have conflicts of interest where obtaining access to the EMR is concerned. For example, in the locale where I have practiced for 20 years, a radiologist starts every chest x-ray report by stating "COPD", even on children's chest films. Once discovered by the payer, that erroneous finding will create insurance problems for the insured. The payer has a vested interest in collecting premiums, while denying benefits. Any format that gives the payers access to priviledged information, or information that may be subtly altered can affect the insured's insurability.
Additional problems include the myriad of hardware and software that is easily available to gain illegal entry into the EMR. For example, the "KEYLOGGER" is a small flash drive type of device that can be easily plugged into the USB end of any keyboard. The hacker, whether office employee, janitor, or other person, can retrieve every keystroke made on that computer easily. All passwords and confidential data will be stored. The hacker can gain entry into any computer and access any file with the illegally gotten passwords. There are remote access software disks that can be installed to further complicate this problem. There is no point to pretend that this is not going to happen, because it already is happening. Included here are several links that provide information on the expected security and privacy issues that we normally think about related to the EMR. I will first include these in the form of an annotated bibliography, then will finish with including some of the sites where the hackers find information. This is a very real and threatening problem.
Fact Sheet 8a - HIPAA Basics - Medical Privacy in the Electronic Age This site is an all inclusive collection of the reasons why privacy and security is important in the age of EMR. It is filled with information and links to much of the important work that has been accumulated on this subject, not limited to, but including: HIPAA Privacy Rule: Benefits and Shortcomings? - Who Is Covered by HIPAA? Who Is Not Covered, Medical Information: What Does HIPAA Cover? - What Is "Protected Health Information?" What Is "Minimum Necessary?" - Control of Your Medical Information: " Consent" and "Authorization" - More About Your Right to Access Your Medical Records - Your Health Records and Your Employer - Your Health Records and the Government - Your Health Information and Your Credit Report - HIPAA and Your Daily Routine - Complaints and Penalties for Violations - The HIPAA Security Rule - Electronic Health Records (EHRs) - The 2009 Stimulus Law, Electronic Health Records, and Privacy - Health Information Privacy in California - Tips for Safeguarding Your Medical Information - References and Resources.
Privacy Rights Clearing House. bal
1. http://www.privacyrights.org/fs/fs8a-hipaa.htm
Security: the case study commentary begins by stating the central ethical dilemma: "whether physicians are required ethically and/or legally to record information that could, due to an increasingly accessible medical record, harm the well-being of patients. Inability to guarantee the confidentiality of sensitive and potentially harmful information strikes at the core requirement of the doctor-patient relationship: trust. Without trust, patients do not feel that they can disclose intimate and potentially embarrassing and/or damaging details of their lives that physicians need to diagnose and treat effectively." **Ethics Case Study**. A general internist working for a large managed care organization is asked by one of her favorite patients not to document in his electronic medical record (EMR) her prescribed treatment for an acute grief reaction to his secret male companion's death. "'Doctor, I can't believe you are so naive,' he says. 'I'm in Army intelligence. I can promise you there are 10 ways I could breach the confidentiality of the medical record system right now if I wanted.'" Confidentiality is not absolute from a legal perspective, and records used for other functions bypass the physician's protection. Beyond the basic dilemma, the advent of electronic charting and prescription distribution has resulted in breaches of patient confidentiality in ways that would have been unthinkable 20 years ago. We are reminded that "already, the sale of data from these sources to insurers, private companies, government agencies, and financial institutions has become widespread, much in the same way as credit information is exchanged." For example, businesses openly advertise background check services, where for a name, address, date of birth, social security number, and an undisclosed fee clients can purchase, among other things, the clinic name and date of that person's clinic visits for the past 10 years.The recent National Research Council report concluded that "the primary threats to the confidentiality of patient information originate from the lack of controls over the legal (and generally legitimate) demands for data made by organizations not directly involved in the provision of care," such as health services researchers, public health agencies, managed care organizations, insurers, and self-insured employers. Is the perceived erosion in medical record security so real that physicians should consider adjusting their records' contents? Should theoretical security risks enter at all into how physicians chart and maintain patient records?
bal1
2. http://www.medicalcomputing.org/archives/0nvemrsec.php
– EMR and HIPPA - November 11, 2009
I was on our user’s forum reading about a security flaw in our EMR. There were some discussions about the ability to circumnavigate prescription privileges and have your staff write themselves narcotics…. I had our IT guy spend some time in the system. He was able to determine that one of our staff members had in fact been printing out an old script that had been written in the past and manually faxing it to pharmacies around town. The problem with the software is that it lets you print out a script from a locked note, and it prints out with the present date so it can be filled!
bal2
3. http://www.emrandhipaa.com/category/emr-security/
- Home > EMR >
Posted on June 22, 2009 by Colin J. Zick
In what it describes as an effort "[t]o protect the privacy and security of patients," the American Medical Association (AMA) last week adopted a lengthy report and related principles for physicians to follow in the event a patient's electronic medical record were to be breached.
bal3
4. http://www.securityprivacyandthelaw.com/tags/emr/
New Study: Patient Privacy Rules Hamper Adoption of Electronic Medical Records:
Home > Healthcare Industry Spotlight > New Study: Patient Privacy Rules Hamper Adoption of Electronic Medical Records bal4
Posted on April 29, 2009 by Jeff Bone:
5. http://www.securityprivacyandthelaw.com/2009/04/articles/medical-information/new-study-patient-privacy-rules-hamper-adoption-of-electronic-medical-records Privacy and Security Issues: By Trisha Torrey, About.com Guide - Updated February 19, 2009
When it comes to electronic health and medical records (EMRs), the digital technology has a few limitations. From the mechanical ability and methods for storage and transmission, to the ways they can be accessed, new and more advanced systems are becoming available every day.
However, definite limitations and issues arise from the implementation and use of EMRs and PHRs (personal health records). You may have already reviewed the hurdles created by the local nature of EMRs and their lack of standardization. Additional problems exist with security and privacy of these records. Security Questions for EMRs - Security is potentially a major problem. There may be no system in the world that is entirely uncrackable, including EMRs or PHRs. Think back during the past few years to the losses of credit card records at large retails chains, or the 2006 Veterans' Administration loss of its patients' records. Despite tight security on these systems, data was lost or accessed by others who should not have access…When it comes to EMRs, patients have little say in their participation; therefore, even if they have concerns about their records being a part of an EMR, there is almost nothing they can do about it…With PHRs, however, patients have much more ability to control content and access. Because these records are developed by a patient for himself, the patient also determines who has access, and how that access is made. Privacy Questions and HIPAA - Privacy is a similar concern. HIPAA, the Health Information Portability Accountability Act, federal law, determines how health information may be shared electronically.
bal5
6. **http://patients.about.com/od/electronicpatientrecords/a/privacysecurity.htm**bal6
7. http://www.inderscience.com/search/index.php?action=record&rec_id=22668
Annotated Bibliography
http://engineers.ihs.com/news/2006/aiim-astm-ehealth.html is an engineering standands website. This 2006 article talks about a novel .pdf/h platform for electronic health records. The .pdf format will accept all types of medical information including images, text and graphics. The working group included the AAFP as well as Intel and Adobe and several others to create a ―est practices‖guide to facilitate the capture of data and make it secure. Its portability can be done with USB memory sticks. It will give patients more control over their health information. There is a list of associated ehr standards accompanying the article covering formatting, nomenclature, and other necessary standards.
http://www.healthvault.com is a personal health record created by Microsoft no longer in beta testing. It offers https encryption as well as SSL secure transmission of information. The healthvault can be used to set up single or family accounts, using the Windows Live username and password. Sharing the information with others is by invitation only except for healthcare professionals or for legal purposes. The program allows links to other programs that can be used for personal health programs. Control of the data is personal but at different levels. Anyone with custodian level access is able to alter and/or delete all information. That person can also exclude the original custodian from access, a dangerous situation. Microsoft adequately warns in its privacy statement about this possibility. Many of the linked programs are phrs, and others are information sites such as the Mayo Clinic Health Manager. The entering and editing of data is tedious in HealthVault due to the manual nature of entry. This could be a negative factor for the elderly. The HealthVault website will lock you out if there is no activity for twenty minutes, and unsaved data is lost when you reenter the site. The Mayo Clinic Health Manager is one of the linked programs and is a better interface. It works in conjunction with Healthvault very well and has several trackers to follow weight, BMI, Cholesterol levels, etc. Its editing function is better than that of HealthVault. Overall, HealthVault is a good phr site, and its partnering links are very useful.
http://www.pdhi.com, the website for ConXus Health Improvement platform, under the name of PDHI, protocol driven healthcare, Inc. ConXus has several tools to be used for health risk assessments that its clients can access. A phr is part of the module but the product is aimed toward employers, health plans and hospitals for their members. While it can interface with a member‘s emr, it does not seem to be either a true phr or emr/ehr. The data storage site is very tightly protected with guards, alarm doors, and other protections for the data storage. This option is central web based data management. A key feature is third party data importation/exportation. Its stated market is health plans, hospitals, brokers and health improvement companies.
https://www.google.com/accounts/ServiceLogin?service=health is a service of Google health. It is similar to the Healthvault service with several linked associated services and an ability for the user to control the health information. The site allows the user to build a health profile and track changes. Google offers links to online health-related educational material. The service does allow HIPAA partner linking to other holders of the user‘s health information, such as a personal physician or pharmacy. That data can be linked to the Googlehealth account. Access is through a Google username and password, offering security. The privacy policy does not allow sharing of personal health information. Google does collect aggregate data for some purposes but it is never personally identifiable. A partial ―ealth history‖can be viewed by physicians. Google allows the user full control of the information including deleting all information found in the account. The service is free. To evaluate the site, a health profile was created. A component of this site is a shell repository for basic, personal medical information. There are links to find a doctor and import medical records. This appears to be an electronic phr (personal health record) site. However, its partners include notable hospitals, clinics, pharmacies and healthcare provider rating services.
http://www.ihealthrecord.org is now part of Medem. The backbone of the site is a series of checkoff options that are then added to a phr that can be placed on a wallet card. Access to the information can be granted to others, including personal physicians. While the site is easy to access and the entry of personal information is easy, the checkbox system is limiting in the options to check. I found the immunization module to be outdated. Some procedures, such as MRIs are found in the surgery module, which might confuse older patients. The site does allow printing of the full phr or just the wallet card. There is a patient library that can be accessed as well as a message center that will deliver information on programs that interest the patient. The ihealth record is secure and email addresses are not divulged to anyone. The privacy policy protects personal information. Linked sites are not protected by the Medem privacy policy, a standard disclaimer. The privacy policy is written in an easy to read font and is only one short page long. I found no statement regarding security of the personal information, such as encryption of the data. As a phr and to create a wallet card it looks very adequate. As a full phr it needs improvement.
https://secure.er-idcard.com/ is ER-id, portable phr, editable only by the owner, but with a name and member number, can be accessed by a professional. It appears that the information is kept at er-id and communicated to a provider over the Net. It gives a good measure of portability to the health record, but editing is up to the patient who is the only one who can open the file to write to. Membership is $30/yr single, max $84/yr for very large families. Good security and portability.
http://www.onlinehealthrecords.com myphr.ca is a Canadian site. It proudly proclaims privacy as No.1 priority. The website itself is not well created and the links alluded to are nonexistent. It has a lot in common with er-id cards. It too is self edited by the patient or his representative. What about the internet illiterate? This personal hr does two good things: it logs anyone who accesses the information and which information was examined. It claims to organize everything in one site. Membership is free. I asked the company a few questions about myphr.ca. After contacting the company here are some of the responses:
1. MyPHR.ca is not just for Canadians. In fact, because our company and servers are situated in Canada our customers’ information is not subject to the US patriot act.
2. Yes, health professionals can have their own emergency login to see members’ profiles without the member's username and password. All the health professional and emergency responders have to do is create an account and request a health professional login (and once verified as such) they can login and then enter a member's 12 digit number to see a "read-only" profile of a member's health information.
You can have all of your patients create an account for free (and have them enter their information online) and then you can see their information online at www.myPHR.ca or mobile device (such as a Blackberry/Palm) at www.myPHR.ca/mobile 24/7 where ever you are.
http://www.aetna.com/news/2006/pr_20061003.htm is a phr developed by Aetna. Most of the information is filled in automatically by Care Engine, which is actually a relational database that searches claims records and pharmacy fills. There is an area where the patient can enter and update other items. Its portability is that it can be printed out to give to physicians. Physicians also have access to the data. Its strength is in its database capabilities to automatically access information and update the phr. Aetna will send alerts to the patient and physician regarding cross reactions, medications to refill, and tests/exams that need to be done. These are some very nice features. Security features are password encoded. It is web based for access. Its weakness is that it is linked to the insurance company. If your employer changes policies, can you still access the data and give it to your physician. If not, at that point the information becomes static and out of date and it decreases in value unless Aetna
sets it up independently of its insurance function and allows anyone to purchase and use it. But then how does Care Engine access the claims data. STD, HIV, and family planning information are not automatically entered and must be entered by the patient. There are more questions from my initial review than answers. Question on alternate (non primary) provider access to the information—the ER or out of town visit (snowbird phenomenon). Their data will enter the system via claims, but how do these providers access the information in emergency situations. How do you correct a misdiagnosis?
Soarian Integrated Care by Siemens is more than just an ehr product but rather a complete practice management and computer aided diagnosis‖package. It has several modules that you can add for more complete management but our quest is to identify how to make ehr and the phi portable and private. The setup looks very expensive, a barrier for small practices and individuals. The Soarian portal allows for online access by providers. There is little information about the personal health record, but the EMR, called the online medical record, appears to be very strong. We are looking for nationwide access to phr that can help in patient care. The website only indicates that Siemens will assist you in building a phr.
http://www.allscripts.com/products/electronic-health-record/default.asp Allscripts had partnered with Microsoft in 2006 to develop EHRs. It has since branched out forming other IT and content provider partnerships. To date it has 150,000 physician participants. Its focus includes business and office management as opposed PHRs, alone.
http://www.indcaremgmt.com/onlinepersonalhealthrecord.htm. is a case management site and can‘t be accessed unless you have a member id. From the webpage it looks like they do case management for employers, etc. and offer to customers a personal health record. I could not look at the form of the record itself or how it keeps things secure.
http://www.healthrecordsonline.com/ This site, Canadian based, offers secure servers to store one‘s medical information. All data is sent encrypted, and there is a three-step security system to ensure no one can have access to your records except you. Access is via the internet. It appears that the patient adds/updates the information, so it could be biased or susceptible to errors. There is a section for physician notes to be added, but the patient has the ability to delete entries at his or her discretion. It costs $44 per year (Canadian dollars) for this service. I think it would be great to have if one does a lot of travel, but would not be optimal from a physician‘s perspective to replace the patient‘s original chart, whether paper or electronic.
http://www.accessmyrecords.com/index.htm. Another site where personal health information, entered by the patient, is stored and that is accessed via the web. The patient carries a card with his ID number on it and this will allow anyone to access the record; there is encryption but no super-secret password. The data can also be accessed on a cell phone, if that is the only system available to the emergency responder. It is $30 annually, $50 for a couple and only $20 per child. Very affordable, and would appeal to travelers, but access is possible by anyone who obtains your ID card, so is less secure. The entry of data is 100% controlled by the patient as well; there is no option for a physician to add entries unless the patient scans records into his or her MyAccess chart.
http://www.chartaccess.com/html/services.html. This site is an online service to request copies of medical records, and then view/retrieve them via the internet. They make a big push about customer service, promptness and accessibility in particular, towards the requesting entity. Their primary service is attending physician statements for the insurance industry. The request is made on-line, and frequent status reports of the request are available. Fees are not disclosed for this service. One advantage is that the entire process, including viewing the records, can be handled in a paperless method and is very customizable.
http://www.ehealthglobaltech.com/ Another provider of records retrieval services, like chart access. The site is as much an advertisement about the company, with press releases and financial reports, as a portal to obtain medical records in a completely electronic format. They do have a global network with several more specialized subsidiaries, which include research and digital radiographic images. The company appears well organized and has a whole section where all the various stakeholders in Health Information Management are able to see where ehealth will interact and likely benefit them. The website is exhaustive; they seem to have thought of everything. Despite this impression, one cannot find out the fees for this service unless you make direct contact with a customer service representative.
http://www.medfusion.net. This company develops secure patient-physician communication systems which provide many levels of service. From requesting appointments to facilitating doctor-patient communication, mass e-mailings to patients, as well as individualized messages. The service includes training of client office staff and broad technical support. Patients can use this product to complete forms and pay bills online, request prescription refills, and communicate with the office staff directly. There is also a medical record that is partially controlled by the patient, but the specifics are omitted. It is difficult to determine the cost of the product without making contact with a sales representative, but like many of these EMR-related sites, there is a ROI calculator which likely can demonstrate a positive yield using medfusion‘s numbers. They offer many other services not at all related to an EMR, such as helping develop an intranet or webpage for the healthcare provide.
http://www.amazingcharts.com/company/companyframeset.html. This physician developed EHR has been implemented into 2000 offices. Its benefits include chart and schedule integration with low licensing fees ($995). I was able to download a trial version of the program. It is quite easy to use, but its lack of sophistication would make add-ons (X-rays, EKG‘s, Labs, etc) difficult.
http://www.cchit.org Certification Commission for Healthcare Information Technology. This nonprofit organization has the goal to ―accelerate the adoption of health information technology by creating an efficient, credible and sustainable certification program.‖
Site includes a list of CCHIT certified ambulatory, inpatient, emergency and information transfer EHR providers and information of certification requirements. The mere existence of this site points to some of the challenges facing EMRs developed in the private sector.
http://www.gehealthcare.com/usen/hit/products/centricity_practice/emr_index.html. GE Centricity GE offers personal use and enterprise software. Potential advantages include data integration (GE media platforms are available) and web/network based portals. Operational benefits include data mining programs for business units which are optional.
http://www.nextgen.com. This product appears to be very similar to the Centricity system, but more end user focused. I tried out the online Demo and previewed the version for our institution. It will likely require the use of a scribe to allow efficient use that does not interrupt the typical human interface between patient and physician.
http://www.practicepartner.com. McKesson Practice Partner. McKesson recently acquired Practice Partner which was originally founded in 1983 as Physician Micro Systems. Its focus is integration of appointments, scheduling and patient information with billing features. McKesson is already a major force in healthcare operations and has partnered with Oracle, Citrix and Microsoft (SQL Server).
http://www.webmd.com. is the WebMD site. To better evaluate this feature I completed the two minute registration. It is a basic PHR platform with health assessment and information sharing options. A weakness includes the lack of data importation.
http://www.iom.edu. Institute of Medicine. This influential health policy institute‘s website contains a number of reports advocating the use of electronic medical records to improve patient quality. Specifically addressed are the potential uses of data mining to monitor diseases, treatments and trends.
http://www.iom.edu/Reports/2003/Key-Capabilities-of-an-Electronic-Health-Record-System.aspx A site within the main IOM that outlines the key Capabilities of the EHR system. The report was sponsored by the U.S. Department of Health and Human Services and is one part of a public and private collaborative effort to advance the adoption of EHR systems. jph5
http://www.kaiseredu.org. The Henry J. Kaiser Foundation. The Kaiser foundation has summaries of health information technologies and links to related sites. Particularly useful is its breakdown of electronic health records and associated costs.
https://www.kaiserpermanente.org. Kaiser Permanente, the nation‘s largest HMO/insurer offers on its site ―y Health Manager‖and ―y Medical Record‖features that are extensions of its ambitious EMR project.
http://www.healthcareitnews.com. Healthcare IT News. This site covers the expanse of healthcare information technology. In particular news and evaluations of EMRs and PHRs are presented.
http://www.revolutionhealth.com. Revolution Health, like Google, Microsoft and WebMD, this software offers a PHR option at no charge. It is similar in content and format to WebMD, but it offers less personal diagnostic and self help options.
http://www.nehii.org/ NeHII, Inc. is a health information organization, providing services that securely exchange important clinical information among physicians and other health care providers, real time and at the point of care.Created through collaboration among a group of Nebraska health leaders, NeHII serves more than half of Nebraska's population and continues to grow.Through its secure electronic exchange of patient medical information, NeHII is hoping to contribute to the quality of health care while helping to control the escalating cost of health care in Nebraska and the U.S.The initiative began early in 2005 when several individuals representing health organizations gathered to discuss the need to create a statewide health information exchange (HIE) for the betterment of patient care in the state. The exchange would enable physicians statewide to view consolidated patient medical history at the point of care, improving safety and care delivery while reducing duplicate or redundant procedures.
This organization is an interesting concept as a clearing house for electronic medical data. However, the success in Nebraska will depend on 100% participation. The goal is to ultimately engage other states in a similar concept in order to share information and data. This site tends to be self-promoting. willisc1
http://healthaffairs.org/ This is the website for Health Affairs, a journal of health policy thought and research. The peer-reviewed journal was founded in 1981 under the aegis of Project HOPE, a nonprofit international health education organization. Health Affairs explores health policy issues of current concern in both domestic and international spheres. Every article Health Affairs has ever published is available online at www.healthaffairs.org. All readers have free access to selected Health Affairs journal articles at time of posting (Web Exclusive for two weeks, Editor’s Choice articles for two months); all journal articles three years old or older; and all //Health Affairs// Blog content. The full twenty-six-year article archive is online. The site also provides search capability within Health Affairs’ full archive. E-mail alerts and RSS feeds are available. This site is all encompassing with currently 121 articles on health information technology (HIT) and 571 articles that discuss health information exchanges. The abstracts are free but do require a subscription to download the full-text PDF for articles that are within the last three years (except as described above). willisc2
http://content.healthaffairs.org/cgi/reprint/24/5/1127 This is an article entitled The Value of Electronic Health Records in Solo or Small Group Practices. It is linked to the main healthaffairs website (see above) that looks at the value of EHR in solo and small medical practices. Even though this was written in 2005, many of the priciples and conclusions about the financial viability of such endeavors still hold. It is a well-organized study that compares two EHR systems in eleven different practice settings. The format of their study is a valuable format that could be used for evaluating EHR systems in larger practice settings and hospitals, as well. Conclusions about cost benefit analysis of EHR systems in these small practices can help policy makers formulate better financial and nonfinancial incentives for EHR use. The authors address the cost to providers, the time to recoup those costs, risk, and time benefits and quality of life associated with implementing EHR. willisc3
http://www.eclinicalworks.com/ eClinicalWorks is a privately-held, profitable company formed in 2000. It does not have outside investors. eClinicalWorks employs more than 800 people across its Westborough, Mass., headquarters and New York and Georgia offices.It offers EMR/PM solutions in all 50 states, with more than 30,000 providers using eClinicalWorks. eClinicalWorks is utilized in large hospital systems and affiliated physicians; large and small health systems; large and medium medical group practices, including FQHCs and community health centers; and small and solo provider practices. The company offers EMR solutions, a health exchange, patient portal and practice management solutions. It was chosen by the New York City Department of Health and Mental Hygiene as its EMR/PM solution in 2007. There is an online demo of their services or you can schedule a demo. The company has a 98.9% renewal rate based on figures from maintenance contracts and Software-as-a-Service (SaaS) renewal agreements. The company reported $85 billion in revenues in 2008. The company’s success spurred a Harvard Business School case study, titled “eClinicalWorks: The Paths to Growth,” by Professor Robert F. Higgins that is available at www.harvardbusinessonline.com. willisc4
http://www.klasresearch.com/KLAS Enterprises is an independently owned LLC and monitors vendor performance through the active participation of thousands of healthcare organizations. KLAS helps healthcare providers make informed technology decisions by offering accurate, honest, and impartial vendor performance information. KLAS focuses solely on healthcare technology. Their main areas of research involve software, service firms, and medical equipment. They have an extensive vendor directory. willisc5
http://www.openclinical.org/emr.html OpenClinical is a not-for-profit organization created and maintained as a public service with support from Cancer Research UK under the overall supervision of an international technical advisory board. The OpenClinical Web site is aimed in particular at healthcare professionals and managers, medical informaticians and computer scientists and industry. It is designed to be a "one-stop shop" for anyone interested in learning about and tracking developments on advanced knowledge management technologies for healthcare such as point-of-care decision support systems, "intelligent" guidelines and clinical workflow. jph1
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC2670325/pdf/jcsm.5.2.101.pdf Quan, SF. The Electronic Health Record: The Train is Coming. J Clin Sleep Med. 2009 April 15; 5(2): 101. A nice brief editorial about the pros and cons of the EHR written by a physician from Harvard Medical School on the front line and who has been working with various EHR’s for some time. jph2
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC1480192/ Pallav Sharda P, et al. Specifying Design Criteria for Electronic Medical Record Interface Using Cognitive Framework. AMIA Annu Symp Proc. 2003; 2003: 594–598. jph3
http://groups.csail.mit.edu/medg/ftp/psz/EMR-design-paper.pdf Fraser HSF et al. Implementing electronic medical systems in developing countries. Informatics in Primary Care 2005;13:83–95. A nice review on the EHR in general as well as its design and possible application in developing countries by authors from Harvard Medical School. jph4
http://www.omnimd.com/ From EMR to practice management to electronic claims Omni offers a comprehensive set of support services such as medical billing and transcriptions as part of an integrated solution under one roof. ippo1
http://www.hospimedica.com/index.php?option=com_article&Itemid=294727142 Vendors and hospitals that affiliate with the physicians, and not government initiatives, will ultimately determine if doctors in the United States adopt electronic medical records (EMRs), according to a new report from Kalorama Information (New York, NY, USA), a healthcare market research firm. ippo2.
http://assets1.csc.com/health_services/downloads/CSC_Update_on_Meaningful_Use.pdf Overview of meaningful use criteria to qualify for government reimbursement for developing EMR. To get the maximum Medicare payments, eligible providers need to qualify by CY 2012 and hospitals by FY 2013. Meaningful use requirements are still grouped into three stages but the designations are no longer tied to dates (2011, 2013 and 2015):Both physicians and hospitals also need to meet Stage 3 criteria by 2015 to avoid Medicare penalties. ippo3
http://www.athenahealth.com/our-services/athenaClinicals.php?open=20 Is an offering of a Web based unique service model EMR. It boasts the ability to keep up with government mandates. Athena will be constantly integrating changes into the web-based EHR without additional cost to the practice or disruption to daily workflow. ippo4
http://www.springerlink.com/content/38315l1701454702/ Neutral Implanted Data Collection Interface requires a fundamentally different infrastructure. The emergence of wearable and implanted mobile technologies, employed in distributed environments could serve to minimize existing adoption resistance. ippo5
http://en.wikipedia.org/wiki/Health_Level_7 Concerning interoperability, HL7 specifies a number of flexible standards, guidelines, and methodologies by which various healthcare systems can communicate with each other. Such guidelines or data standards are a set of rules that allow information to be shared and processed in a uniform and consistent manner. These data standards are meant to allow healthcare organizations to easily share clinical information. Theoretically, this ability to exchange information should help to minimize the tendency for medical care to be geographically isolated and highly variable. ippo6
http://www.bitwork.com/google/ha.htm?gclid=CPGKk8K1rJ8CFcx25QodWyPT0g The Compliance Auditor interfaces with EMR to monitor who is accessing which patient records. Each provider’s implementation and interpretation of HIPAA are different. The flexibility of a Compliance Auditor appliance from Bitwork allows a practice to easily create audit reports. The government may require a privacy audit of EMR systems to determine who looked at any specific records, or whether someone is accessing records of VIPs, family members, or employees. ippo7
http://www.idtheftdailynews.com/articles/44266/four-out-of-five-healthcare-it-pros-had-at-least-o/According to a newly released survey, 61 percent of health IT practitioners doubt that their organizations have the resources to meet privacy and security requirements, while 70 percent say senior management isn't making data protection a priority. ippo8
http://www.law.uh.edu/healthlaw/perspectives/2006%5C%28JM%29E-RecordsFinal.pdfAlthough there is great potential in the EMR technology, it is still unaffordable for most hospitals, group practices, and definitely for solo-practitioners. Furthermore, every healthcare institution and physician is aware that, after taking on the sunk costs of acquiring EMR technology, there is no guarantee that it will not become the next laser disc or that a newer version will not eclipse the previous model every three months. Additionally, there are the opportunity costs: The amount of money a healthcare institution spends on EMR technology in order to improve healthcare is money that the institution will not have to acquire other resources to provide healthcare. ippo9
http://www.ncbi.nlm.nih.gov/pmc/articles/PMC116296/pdf/0030139.pdfThe goal of information privacy raises issues of access control (user authentication and authorization) and the application of cryptographic protocols for data transmission and storage.
The authors review the conflicting goals of accessibility and security for electronic medical records and discuss non-technical and technical aspects that constitute a reasonable security solution. It is argued that with guiding policy and current technology, an electronic medical record may offer better security than a traditional paper record. ippo10
http://www.medicalrecordshow.com/why-avoid-documenting-by-texting-because-you-dont-mess-around-with-slim/ The process of logging information into an EMR system will require doing away with free text input. ippo11
http://en.wikipedia.org/wiki/Microchip_implant_(human)#Security_risks
http://en.wikipedia.org/wiki/Microchip_implant_(human)#Medical_records_use Discusses the future application of implantable chip technology for EMR along with security issues and ethical considerations. Risks of implantable devises may include subcutaneous sarcomas, burn injury in MRI machines, vulnerability to third party scanners since these chips are unencrypted. On a positive note they can be use as GPS locators for lost individuals. ippo12
http://en.wikipedia.org/wiki/Electronic_medical_record#Legal_status EMR can be used to monitor and predict clinical events and ultimately prevent an adverse event. EMR can be use to transfer patients GP2GP. ippo13
http://www.texmed.org/Template.aspx?id=5969 Discusses the function of electronic signatures and the digitized encryption that binds documents to a unique number or electronic fingerprint. A digitized signature is an image of a pen-to-paper signature. An electronic signature can be an electronic sound, symbol, or process associated with a record. It is a mark added to a document to indicate intent to sign. ippo14
http://www.reportbuyer.com/pharma_healthcare/technology/u_s_markets_emr_electronic_medical_records_technology.htmlThis 140 page report for sale provides information on the most important companies competing in this market. Vendors are a vital part of shaping this industry, but having the competitive intelligence is just one part of advancing this industry. This discusses the kinds of plans vendors are offering and how much the vendors expect to compete for in the next five years. Physician Preference on EMR Features are also discussed. ippo15
http://emradvice.wordpress.com/category/ehr-regulations/ Health care providers most frequently have cited cost as a primary obstacle to adopting an [EHR] system.
Using EHR reduces costs by almost annually, and nearly two-thirds of the savings were associated with reducing the amount of time for manually pulling charts. ippo16
http://www.emrexperts.com/emr-roi/index.php A Return on Investment (ROI) or Cost-Benefit Analysis study is performed anticipating a technology purchase for a healthcare organization. This is especially true for Electronic Medical Record (EMR) software where the cost benefits can vary greatly from installation to installation. This article discusses the ROI for independent single physician practices. ippo17
http://www.infoway-inforoute.ca/
As a not-for-profit organization funded by the federal government, Infoway works with the provinces and territories to foster and accelerate the development and adoption of pan-Canadian electronic health information systems. Once these technology systems are up and running, health care professionals will have ready access to accurate and complete patient information. Also, Canadians will be able to access and manage their own health information electronically. What this means is better communication between health care professionals and a clearer understanding of what patients need. Thanks to the growing implementation of EHR technology, many Canadians are already realizing some significant benefits such as faster, more accurate diagnosis, and shorter wait times for treatment, safer prescriptions and better access to chronic disease management. glj1
http://www.cmpa-acpm.ca/cmpapd04/docs/submissions_papers/com_electronic_records_handbook-e.cfm
This website, CMPA (Canadian Medical Protective Association) speaks of implementing and using electronic medical records and electronic health records. More specifically, it describes the regulation of electronic records, patient consent and rights to access, security and privacy issues, maintaining data integrity, sending / transferring records, destroying / disposing of records, data sharing and inter-physician arrangements, and emerging issues (PHR – Patient health Record). glj2
http://www.longwoods.com/product.php?productid=16865
This website describes how one province in Canada, Alberta is at the leading edge in developing its electronic health record (EHR). The site describes the provincial initiative to provide healthcare providers with immediate access to a patient's medication history and laboratory test results, regardless of where they are in the province, or where the patient's drugs or other treatments were ordered. The Alberta EHR was launched in October 2003. So far 6,000 healthcare providers have voluntarily signed on to use it, and benefits to patient safety have been reported. The EHR is an important part of healthcare renewal that is required to improve patient safety; however, it must not be viewed as a stand alone cure-all solution to Canada's patient safety challenge. glj3
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=960233 This is a paper by Miller A., and Tucker C. titled “Privacy Protection and Technology Diffusion: The Case of Electronic Medical Records" (February 2009). The authors examined the impact of privacy laws on EMR adoption. They found that state privacy protection of hospital medical information inhibited EMR adoption by approximately 11% per three-year period, or 24% overall in states with such laws. The laws appear to reduce the network effects of EMR. In states without hospital privacy protection, if one hospital in an area adopts EMR, the propensity of other hospitals in the area to adopt EMR is increased by 7%. In states that have privacy laws, this propensity increase is not observed. bunmi1
http://content.healthaffairs.org/cgi/content/abstract/24/5/1103“Can Electronic Medical Record Systems Transform Health Care? Potential Health Benefits, Savings, And Costs” Richard Hillestad, James Bigelow, Anthony Bower, Federico Girosi, Robin Meili, Richard Scoville and Roger Taylor
This examination of the health and financial benefits of HIT uses comparisons to IT in other industries to estimate the potential savings of adoption of EMR. They optimistically predict that EMR networking could save $81 billion annually. jfl1
Jerome Groopman, Pamela Hartzband
Obama’s $80 Billion Exaggeration. The Wall Street Journal, Opinion, March 11, 2009
The two clinical faculty members of Harvard Medical School who authored this opinion were responding to statements President Obama made after his healthcare summit in early March. Dr. Hartzband is an endocrinologist at Beth Israel Deaconess Medical Center and an assistant professor of medicine at Harvard Medical School, and Dr. Groopman is a hematologist–oncologist at Beth Israel Deaconess Medical Center and a professor of medicine at Harvard Medical School — both in Boston. They believe touting EHR as a cornerstone of healthcare reform is overly simplistic and unsubstantiated. The article was enlightening regarding the basis for support of EMR is a theoretical study in 2005 by the RAND Corporation which is funded by corporations likely to benefit. jfl2.
http://www.virmedice.com/
VirMedice is a reseller company for the web-based NextGen EHR/ EPM system. VirMedice, as a SaaS provider, provides full service electronic health records by offering remote access to the NextGen system using internet connections. Instead of buying the complete software and server, and then hiring IT service to start the electronic health record system, VirMedice provides them for you. This is a convenient, low initial capital outlay way to implement an electronic record system for a small group and single practitioner, however an ongoing monthly leasing fee is required. It eliminates some of the headaches of a medical business, such as initial high cost purchase, ongoing IT maintenance and loss of patients’ records due to power outage and computer dysfunction. oba1
http://www.chartlogic.com
A significant difference in this EHR system, compared to any other EHR systems is the Precision Voice driven ChartLogic EMR, which integrates proprietary software with voice driven commands, dictation, specialty specific vocabulary, microphones, and hardware. This system is designed to achieve highly accurate voice recognition and provides time-saving shortcuts in addition to electronic medical records. This company combines Electronic Medical Record (EMR), Practice Management (PM), and Document Management (DM), and offers three different EMR solutions. ChartLogic claims that by implementing Precision Voice command, it makes doctors lives easier and saves time for busy medical practitioners. oba2
http://www1.va.gov/cprsdemo/ and
http://www.vacareers.va.gov/vacareers_Careers_Edge_Technology.cfm
The Department of Veteran’s Affairs Medical Centers use their award winning electronic health record, CPRS (Computerized Patient Record System). CPRS is networked across the VA patient care centers in the U.S., including VA medical centers, clinics, and care facilities. The purpose of this is to be able to access Veterans patients’ medical records including labs, patient’s information, medications, diagnostics and progress notes so Veterans can have their medical care anywhere in the U.S. without disruption. CPRS is a comprehensive Veterans Health Information Systems and Technology Architecture (VistA) program, where VistA became part of the public domain. Therefore VistA can legally be the basis of proprietary software and free and open source software in community. The adoptation of VistA by EHR industry is discussed at http://www.fierceemr.com/story/vista-powerful-it-adaptable/2010-01-14 oba3
http://www.medsphere.com/
A number of companies already have taken the source code for VistA and commercialized it as a lower-cost alternative to the many proprietary, enterprise EHRs on the market. Medsphere Corporation, a founder of Open Vista which is the most fully commercialized VistA offspring, emphasizes the affordability being a huge issue to implement EHR system in many communities. The company claims that they can do everything the other systems do without upfront capital costs or back-end balloon payments. Medsphere is based in Carlsbad, California, and was founded in 2002. oba4
**http://www.centerforhit.org/online/chit/home/ehr-adoption.html**
This site by the American Association of Family Practice has a large web of education on what the MD needs to know about EMR. Tutorials are given on the teminology, on evaluating programs, on the implementation, etc. Also has product reviews by members. jfl3
http://www.ama-assn.org/amednews/2010/01/25/bil20125.htm
The American Medical News site is a huge resource on many topics and is rich in articles on EMR. The navigation bar in lavender down the left side of the screen makes content easy to access. This article from January 2010, discusses a different issue of EMR security: one does not need to be a talented hacker if one can merely obtain a user name and password from an authorized user. Sophisticated phishing schemes are targeting physicians in large EMR networks to steal the identity not only of the physician but also of the unsuspecting patients in the database. jfl4
Health Data Exchange
http://www.healthcareitnews.com/news/klas-questions-vendor-claims-hies - "KLAS questions vendor claims on HIEs". This report published 2/9/10 examines a report by KLAS, an Orem, Utah-based research firm . KLAS found that only a few vendors can claim that they have created a proven and reputable model for HIE. They validated 89 separate organizations that use live HIE technology to share patient information that is viewed by physicians. Acute-to- acute sites as well as acute-to-ambulatory sites were evaluated. Medicity's Novo Grid was the leader with 22 live sites in the acute-to-ambulatory HIE's. More than 70% of the validated sites were funded through state or federal grants. Many challenges were reported on establishing a HIE including security and privacy concerns as well as governance and patient consent.. jfg1
Meaningful Use
http://www.govhealthit.com/newsitem.aspx?nid=73094
The National Health IT coordinator, Dr. David Blumenthal, spoke to government leaders at the Health IT Government Leaders, Health Information Exchange and HIPAA summits on February 4, 2010. In his description of how his office will determine how high to set the bar for physicians and hospitals to be converted into “meaningful users” of electronic health records, he spoke of "stretching" but not "break" the healthcare community in setting conditions for healthcare providers to qualify for the financial incentives to implement "meaningful use" of health information technology. The proposal uses an "escalator concept" guiding providers toward increasingly sophisticated uses of EHR's via the help of financial incentives and aid from state health information exchanges and IT technical training centers. The director of the Agency for Healthcare Research and Quality, Dr. Carolyn Clancy, believes that wider acceptance of EHRs holds the potential for considerably improving population health research. She stated that “health IT is critical and indispensable but people have to organize the information. That is really the promise of patient-centered health research”.
Comments on the proposal are being accepted by the Health and Human Services Department until March 15, 2010 and they are expecting finalizing the plan in late spring.. jfg2
http://images.google.com/imgres?imgurl=http://www.medgadget.com/archives/img/36534tr1.jpg&imgrefurl=http://medgadget.com/archives/2008/12/_on_the_go_capzule_introduces_electronic_medical_record_management_on_iphone.html&usg=__l2It-JzY83uMjQHoRI5BMC-oMnA=&h=434&w=468&sz=73&hl=en&start=52&itbs=1&tbnid=I-RO65gZqEFcVM:&tbnh=119&tbnw=128&prev=/images%3Fq%3Delectronic%2Bmedical%2Brecord%26gbv%3D2%26ndsp%3D18%26hl%3Den%26sa%3DN%26start%3D36
Patients are cared for even when the Care givers are off site with Capzule. Care givers can now easily connect with their office via their iPhone. With the launch of the iPhone Web application for Capzule.com, an online service that provides electronic medical records to independent clinics, Care givers have greater flexibility in caring for their patients. They can review patient files on their mobile device, and provide quicker response times when away from the office.They can view messages, check their schedule, review charts, and write prescriptions. Doctors who treat patients in more than one location will greatly benefit. They can check on patients between hospital rounds, nursing home visits and more.Affordability should increase as well with monthly fee dropping from $ 200 to $ 50 per doctor per month because of competition. Sharad
Discusses how waiting for EMR to be implemented by healthcare professionals who are dragging their feet will cost lives due to medication errors which would have been prevented if the EMR was in use.
A discussion of how doctors find EMR’s not user friendly and that they cannot share information from one system to the next.